I could very easily be mistaken that the checkbox ...
# macos
I could very easily be mistaken that the checkbox in (now as of Ventura) System Settings isn't actually defaults (or otherwise) directly read-able
your saying there is no plist that can be read to figure out the state of that checkbox?
All detection methods I've heard of so far have been unable to directly detect this without shelling out to the wonderfully unreliable softwareupdate binary https://macops.ca/os-x-admins-your-clients-are-not-getting-background-security-updates/ /cc @frogor
heck I'll mention @groob too, but I'm pretty sure it's a private framework/lost cause
could be slurped into the keychain like mobileconfig profiles
There was a private framework I used in Launcher once that was reading all those checkboxes. @seph might know if it still works.
Alternatively could check the os version and compare it against https://gdmf.apple.com/v2/pmv, and
... and if the latest update for the OS has been out > x days, and its not installed, let me know etc. For my use case, I just need to know that updates are being regularly applied - doesn't matter to me if it is set to autoupdate or not. (though it would be ideal if it was)
I don’t remember which ones groob wrote, but Kolide Launcher has a handful of tables for macos security updaters. Some use internal frameworks. It’s all a bit unclear.