Force a Computer Restart to Install macOS Updates

In light of the new "Force a Computer Restart to Install macOS Updates" feature in Jamf Pro 10.38.0, I've decided to create a bash function that should make life easier for admins that want to force updates on M1 machines.

Please refer to the screenshot below for more information on this feature.

New to bearer tokens? Don't worry about it, I've already done the work for you. Simply fill in your api account data and let the function take care of the rest.

#!/bin/bash



# Server connection information

URL="https://url.jamfcloud.com"

username="apiusername"

password="apipassword"



# Determine Serial Number

serialNumber=$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $4}')



initializeSoftwareUpdate(){

	# create base64-encoded credentials

	encodedCredentials=$( printf "${username}:${password}" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - )

	

	# Generate new auth token

	authToken=$( curl -X POST "${URL}/api/v1/auth/token" -H "accept: application/json" -H "Authorization: Basic ${encodedCredentials}" )

	

	# parse authToken for token, omit expiration

	token=$(/usr/bin/awk -F \\" 'NR==2{print $4}' <<< "$authToken" | /usr/bin/xargs)

	

	echo ${token}

	

	# Determine Jamf Pro device id

	deviceID=$(curl -s -H "Accept: text/xml" -H "Authorization: Bearer ${token}" ${URL}/JSSResource/computers/serialnumber/"$serialNumber" | xmllint --xpath '/computer/general/id/text()' -)

	

	echo ${deviceID}

	

	# Execute software update	

	curl -X POST "${URL}/api/v1/macos-managed-software-updates/send-updates" -H "accept: application/json" -H "Authorization: Bearer ${token}" -H "Content-Type: application/json" -d "{\\"deviceIds\\":[\\"${deviceID}\\"],\\"maxDeferrals\\":0,\\"version\\":\\"12.3.1\\",\\"skipVersionVerification\\":true,\\"applyMajorUpdate\\":true,\\"updateAction\\":\\"DOWNLOAD_AND_INSTALL\\",\\"forceRestart\\":true}"



	# Invalidate existing token and generate new token

	curl -X POST "${URL}/api/v1/auth/keep-alive" -H "accept: application/json" -H "Authorization: Bearer ${token}"

}



initializeSoftwareUpdate

Upload this script in combination with a user interaction / jamfhelper dialog policy to start forcing updates again!!!

Lessons Learned 06/01/2022:

1. The update can take an extremely long time to kick off. I'm talking 1-2 hours +

2. While the Jamf Pro GUI can do full OS upgrades, it doesn't seem to be supported in the API.

Lessons Learned 06/23/2022:

1. I cannot recommend putting this into production. While my jamf helper script does guide the user through the update, The targeted device does not restart in a reasonable time.

2. At this time, the best options for Monterey updates and upgrades seems to be using Nudge or the startosinstall executable that comes packaged with macOS installers: Solved: Re: macOS installer script not working for Apple S... - Jamf Nation Community - 249859

Page 5 / 5

That's very strange because my script is basically an MDM Command in API form. If you don't want any interaction you can copy my original function above and just trow it in a policy.

Hi @bwoods - I've noticed on my test Mac when rebooting the machine the osupdate.plist file disappears from tmp folder. The file is still in the tmp folder when testing with logging the user off which is great.

Would you know a solution on how we can make the file not disappear after a reboot? Thank you

When running either the Part B or your original function, does the user have to be logged on for the update complete?

Yes sir.

Would you know a solution on how we can make the file not disappear after a reboot? Thank you

You need to change the path in the Launch Daemon to:

/Library/LaunchDaemons

You need to change the path in the Launch Daemon to:

/Library/LaunchDaemons

All of the highlighted paths below will need to be changed.

I'm still having such a hard time for updates to deploy. We have a user that we deployed the script to a couple of weeks ago and under software updates, it's waiting to install, but it's prompting for a username and password and his logon info doesn't work. Is this something related to maybe the securetoken?

I've got good results with this, better than Mass MDM Commands.

@bwoods Really nice work, does this work for Ventura?

Is the syntax where you specify the version as below for 13.1 13.1.0 or 13.1

"version\\":\\"12.4\\"

@bwoods Really nice work, does this work for Ventura?

Is the syntax where you specify the version as below for 13.1 13.1.0 or 13.1

"version\\":\\"12.4\\"

@MatG I haven't tested this in quite a while. I switched to using Nudge. Some people are telling me that it's not working for Ventura.

Hey

Did you have try with an Updates Script with the new Priorty MDM Key for forcing Updates?

priority

string

Priority can only be configured on macOS 12.3 and above, for minor updates only. Any version below 12.3 is always Low and cannot be changed until prerequisites are met. When qualified, if not explicitly set, priority will default to High

HIGHLOW

Warning: Deprecated

Well made. But unfortunately the function is no longer usable. :(

Warning: Deprecated

Well made. But unfortunately the function is no longer usable. :(

@bwoods do you have an alternate to above?

thanks @kcadm I was able to still use for macOS13. not sure if this doesnt work within macOS14

look to do Declarative Software updates via jamf

We have that enabled in Sandbox and have seen issues since the Software Update is in Beta

yeah there is an Apple bug. make sure devices are on 14.2 or later

Warning: Deprecated

Warning: Deprecated

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded