Skip to main content
Solved

macOS update & upgrade with Standard User permissions

  • April 18, 2023
  • 6 replies
  • 382 views

Forum|alt.badge.img+1

I would like to know a single platform for upgrading and updating macOS with standard user permissions. Does anyone use a single platform for M1/M2 & Intel Mac in their environment? 

Best answer by EmreU

you can use script below to proceed updates with standard accounts

https://github.com/euydu/macOSUpdatewithStandardUsers

6 replies

AJPinto
Forum|alt.badge.img+26
  • Legendary Contributor
  • April 18, 2023

OS Updates can be installed by a user with a secure token, they don't need admin access. OS Upgrades require Admin Access. A MDM with a Secure Token can install both OS Updates and Upgrades. Nothing else can install OS updates for a user by Apples design.


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • April 18, 2023

OS Updates can be installed by a user with a secure token, they don't need admin access. OS Upgrades require Admin Access. A MDM with a Secure Token can install both OS Updates and Upgrades. Nothing else can install OS updates for a user by Apples design.


Note that some versions of macOS Ventura show a prompt stating it needs administrator credentials when it's actually requesting the credentials for the secure token holder


Forum|alt.badge.img+4
  • Contributor
  • April 19, 2023

Note that some versions of macOS Ventura show a prompt stating it needs administrator credentials when it's actually requesting the credentials for the secure token holder


In This case you can use "Privileges" app in User's account. This would help us to enter there login credentials for certain period of time.
macOS-enterprise-privileges
https://github.com/SAP/macOS-enterprise-privileges



Forum|alt.badge.img+10
  • Valued Contributor
  • April 23, 2023

It's on my wishlist that, much like adding users to the _developer group of yore, Apple provide some group(s) - maybe _osgraders/_osupdaters to which we could add user accounts and they would then have all necessarily permissions to upgrade/update macOS but not install other software or run admin / sudo root commands. It's not like Apple doesn't know what all needs that, you'd think they could whip up an entitlement list pretty quickly. 


Forum|alt.badge.img+1
  • New Contributor
  • April 25, 2023

We have some standard users in out company and we just deploy the erase-install script in self service 


EmreU
Forum|alt.badge.img+6
  • Contributor
  • Answer
  • October 17, 2024

you can use script below to proceed updates with standard accounts

https://github.com/euydu/macOSUpdatewithStandardUsers