Skip to main content

I would like to know a single platform for upgrading and updating macOS with standard user permissions. Does anyone use a single platform for M1/M2 & Intel Mac in their environment? 

OS Updates can be installed by a user with a secure token, they don't need admin access. OS Upgrades require Admin Access. A MDM with a Secure Token can install both OS Updates and Upgrades. Nothing else can install OS updates for a user by Apples design.


OS Updates can be installed by a user with a secure token, they don't need admin access. OS Upgrades require Admin Access. A MDM with a Secure Token can install both OS Updates and Upgrades. Nothing else can install OS updates for a user by Apples design.


Note that some versions of macOS Ventura show a prompt stating it needs administrator credentials when it's actually requesting the credentials for the secure token holder


Note that some versions of macOS Ventura show a prompt stating it needs administrator credentials when it's actually requesting the credentials for the secure token holder


In This case you can use "Privileges" app in User's account. This would help us to enter there login credentials for certain period of time.
macOS-enterprise-privileges
https://github.com/SAP/macOS-enterprise-privileges



It's on my wishlist that, much like adding users to the _developer group of yore, Apple provide some group(s) - maybe _osgraders/_osupdaters to which we could add user accounts and they would then have all necessarily permissions to upgrade/update macOS but not install other software or run admin / sudo root commands. It's not like Apple doesn't know what all needs that, you'd think they could whip up an entitlement list pretty quickly. 


We have some standard users in out company and we just deploy the erase-install script in self service 


you can use script below to proceed updates with standard accounts


https://github.com/euydu/macOSUpdatewithStandardUsers


Reply