Hi all,
Referring to this macOS installer script.
macOSUpgrade/macOSUpgrade.sh at master · kc9wwh/macOSUpgrade · GitHub
This script works fine for Intel Macbook upgrading to macOS Monterey 12.0.1.
But it does not work with Apple Silicon Macbook 😞
When attempting, I get the following error:
Error: failed to authorize for installation. Provide a password with --stdinpass or --passprompt.
By using the agreetolicense option, you are agreeing that you have run this tool with the license only option and have read and agreed to the terms.
If you do not agree, press CTRL-C and cancel this process immediately.
Investigating further, I run the following in a M1 Mabook's terminal.
/Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
Error: A method of password entry is required.
Usage: startosinstall
.....
The error suggests I need to supply admin username and password via
--user, an admin user to authorize installation.
--passprompt, collect a password for authorization with an interactive prompt.
--stdinpass, collect a password from stdin without interaction.
I want JAMF to execute this. I DO NOT want to need to supply admin account and password.
Anyone got any suggestions?
Have you tried the script I posted above with the FVpass?
I don't believe so. Also, I'm getting an Unable to Verify MacOS when running the installer manually as well so it may not be the script not working. I'm kinda sick of working on this to be honest. Can't install manually or automatically...
I don't believe so. Also, I'm getting an Unable to Verify MacOS when running the installer manually as well so it may not be the script not working. I'm kinda sick of working on this to be honest. Can't install manually or automatically...
sounds like a bad installer then, I would download it directly from apple to test the script. You usually get that error if its un-signed or from an external drive.
sounds like a bad installer then, I would download it directly from apple to test the script. You usually get that error if its un-signed or from an external drive.
So my test device, I ran my normal software update command to pull down the installer. Then I tried my simple execute install script, and received the "Unable to verify MacOS" error, as posted above. That was all through Jamf. I ended up just running that one manually and it ran fine.
I have tried updating two of my user's devices manually and they are getting the "Unable to verify MacOS" installer error (not through Jamf, this is while I'm remoted into their computers). I had two others that ran just fine.
Im thinking I may have to fix this Verify MacOS error before going back to the policy method.
Added your script to the full page splash. Working great so far!
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 10-15 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
exit 0Thanks for this, man! It worked very well, but I'm puzzled by something though: the Self Service policy triggering the upgrade is not showing up in the Policy logs, so I cannot see which devices have been used it so far. Any ideas? Attaching the screenshots with 1 M1 device that I've tested with and the logs in Jamf for the Self Service policy...
Thanks for this, man! It worked very well, but I'm puzzled by something though: the Self Service policy triggering the upgrade is not showing up in the Policy logs, so I cannot see which devices have been used it so far. Any ideas? Attaching the screenshots with 1 M1 device that I've tested with and the logs in Jamf for the Self Service policy...
replace the last line with
echo $fvPass | /Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
replace the last line with
echo $fvPass | /Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &Yep! It worked now! :)
Thanks again @AtillaTheC ! ;)
Hi Folks and @AtillaTheC I tried out your script (posted on 11-10-2021 and works great when I enter the correct password. However I also tried entering my mac password wrong and once I verified with the incorrect password it stays on the "please wait while we update xxx" screen. I have to force reboot it. That isn't by design if I read your script correctly yea?
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
Hi Folks and @AtillaTheC I tried out your script (posted on 11-10-2021 and works great when I enter the correct password. However I also tried entering my mac password wrong and once I verified with the incorrect password it stays on the "please wait while we update xxx" screen. I have to force reboot it. That isn't by design if I read your script correctly yea?
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
I believe its checking the 2 passwords you enter are the same, not looking at the system's password as It won't know that until it attempts the install.
I believe its checking the 2 passwords you enter are the same, not looking at the system's password as It won't know that until it attempts the install.
Ty. So whats the expected behavior when a user enters the incorrect password?
The script isnt looking to see if your typing the wrong password, its confirming you are typing the same password twice, then using it to run the install command. It doesnt take into account you typing the wrong password twice.
In your case your typing the wrong password in twice so it will use that to run the install, which will fail. The screen your seeing will remain. What your seeing seems to be expected behaviour and the machine will never restart.
Ty. So whats the expected behavior when a user enters the incorrect password?
unfortunately what you are seeing is the expected behavior, It's why I have in our support instructions if it stays on that screen for more then 40 minutes to reboot. I'm open to edits on the script, i'm no BASH expert.
The script isnt looking to see if your typing the wrong password, its confirming you are typing the same password twice, then using it to run the install command. It doesnt take into account you typing the wrong password twice.
In your case your typing the wrong password in twice so it will use that to run the install, which will fail. The screen your seeing will remain. What your seeing seems to be expected behaviour and the machine will never restart.
Got ty you two! Your replies here have made our week with this!
Latest version working on both M1 and Intel macs
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 20-30 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
exit 0
edited to include the fix from @benjmars
Thanks for sharing Atilla, this is amazing.
I have a fleet of iMacs I need to push this too but unfortunately, it looks like this will only work if a user is signed in to the machine. Is there a way for me to push this for idle iMacs that are stuck on the login screen?
Thanks for sharing Atilla, this is amazing.
I have a fleet of iMacs I need to push this too but unfortunately, it looks like this will only work if a user is signed in to the machine. Is there a way for me to push this for idle iMacs that are stuck on the login screen?
Just use the Remote command Option for those. 
Just use the Remote command Option for those.
Ah, true. I often forget that this feature exists. Thanks.
Hello Everyone, iam new to the Jamf Tool and want to know, how should i do this with the script ? DO i need to deploy the Installer from App Store first ? And then deploy the script ?
Hello Everyone, iam new to the Jamf Tool and want to know, how should i do this with the script ? DO i need to deploy the Installer from App Store first ? And then deploy the script ?
This script allows the end-user to authorize the installation for themselves. They'll need to have the MacOS Monterey installer present on their machine prior to running the script, this can be achieved in a multitude of different ways.
A common practice is to create a policy with an iteration of the following command and scope it to your community: softwareupdate --fetch-full-installer --full-installer-version=12.1
If you're reading this thread and have tried all the scripts, and even Remote Commands with no success... do you have Microsoft ATP?
Our issue was being caused by Microsoft ATP. I tested uninstalling ATP and both my Intel & M1 Test machines successfully installed Monterey. After countless error free failures, leaving everyone at Jamf Support stumped. Looks like Microsoft is aware of the issue, and fixes has yet to be released. Even on today's latest version: 101.56.62
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793
Hopes this helps some people!
So my test device, I ran my normal software update command to pull down the installer. Then I tried my simple execute install script, and received the "Unable to verify MacOS" error, as posted above. That was all through Jamf. I ended up just running that one manually and it ran fine.
I have tried updating two of my user's devices manually and they are getting the "Unable to verify MacOS" installer error (not through Jamf, this is while I'm remoted into their computers). I had two others that ran just fine.
Im thinking I may have to fix this Verify MacOS error before going back to the policy method.
Fixed my issue.
We have Netskope agents on our computers and it started blocking the updates. Removed Netskope from the machine and able to install manually. I haven't been able to try the script after removing Netskope but it sounds like it would work for us now.
This script allows the end-user to authorize the installation for themselves. They'll need to have the MacOS Monterey installer present on their machine prior to running the script, this can be achieved in a multitude of different ways.
A common practice is to create a policy with an iteration of the following command and scope it to your community: softwareupdate --fetch-full-installer --full-installer-version=12.1
Thanks, i tooked the Script and deployed it to my Macbook to test it, i got a popUp winodow to enter my Filevault password and then the DEP Notify Screen, which is freezing over 2 hours....
If you're reading this thread and have tried all the scripts, and even Remote Commands with no success... do you have Microsoft ATP?
Our issue was being caused by Microsoft ATP. I tested uninstalling ATP and both my Intel & M1 Test machines successfully installed Monterey. After countless error free failures, leaving everyone at Jamf Support stumped. Looks like Microsoft is aware of the issue, and fixes has yet to be released. Even on today's latest version: 101.56.62
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793
Hopes this helps some people!
Thank you so much, @Mac_User_ for sharing this info. I can confirm that we are having the same issue and narrowed ours down to the DLP module. By disabling DLP from Defender we were able to install updates with no issues. Our security team is working with Microsoft to resolve the issue.
Added your script to the full page splash. Working great so far!
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 10-15 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
exit 0This is awesome. Thank you. Any way to add a progress bar to this or know where it is in the process?
Just use the Remote command Option for those.
Does this work on M1's too at the login screen?
Latest version working on both M1 and Intel macs
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 20-30 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
exit 0
edited to include the fix from @benjmars
it doesnt work....what are the steps for me to do ? iam new to Jamf, please be patient :)
Latest version working on both M1 and Intel macs
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 20-30 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\\ macOS\\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
exit 0
edited to include the fix from @benjmars
This is sold. I did notice that the user has to be the secure token holder for this to work. Also, has anyone been able to get the Monterey icon to show up? It originally showed up but now doesn't seem to show up in the Jamf Helper splash screen.
