Skip to main content

I migrated over to S.U.P.E.R.M.A.N. late last year (ok...the company didn't even have any type of policy in place...it was the wild Wild West over here...).  I am sure that this script is not perfect in anyway, but it is working for me, so I thought I would share it in case anyone starting out would like a starting point.  For you seasoned admins, any feedback on better improvement(s) is greatly appreciated!

 

 

#!/bin/zsh # Writen by: Scott E. Kendall # Last Revision: 01/10/2025 # # Execute Superman script with passed parameters from JAMF # Options include Allow on minor updates, install major updates (speicific versions) and donwload only # # Parm #4 - Update Type (Major, Minor, Download, Defer, Reset) # Parm #5 - Force OS Version # Parm #6 - Deferral Time (in minutes) # Parm #7 - Deferral Count # Parm #8 - Deadline Date # Parm #9- Icon path # Parm #10- Test Mode On/Off # export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin LoggedInUser=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' ) UserDir=$(dscl . -read /Users/${LoggedInUser} NFSHomeDirectory | awk '{ print $2 }' ) JAMFClientID="<ClientID here>" JAMFSecret="<Secret here>" osInstallType="${4:-"minor"}" osForceVersion="${5:-""}" DeferralTime="${6:-"5,30,60,120"}" DeferralCount="${7:-"5"}" DeadlineDate="${8:-""}" IconPath=${9} TestMode="${10:-"--test-mode-on"}" VerboseMode="${11:-"--verbose-mode-off"}" DeferralCountSoft=$(( DeferralCount+1 )) [[ "${DeadlineDate}" == "" ]] && DeadlineDate=$(date "+%Y-%m-%d") DeadLineSoftDate=$(date -j -f "%Y-%m-%d" "${DeadlineDate}" +%Y-%m-%d) #################### # "Global" variables #################### platform=$(uname -p) logDir="/Library/Application Support/logs" logStamp=$(echo $(date +%Y%m%d)) logFile="${logDir}/Superman_OS_Install_${logStamp} (${platform}).log" JAMFPolicy="install_superman" JAMFIconPolicy="install_superman_icons" CommandString=" ${TestMode}" ########### # Functions ########### function create_log_directory () { # Ensure that the log directory and the log files exist. If they # do not then create them and set the permissions. # # RETURN: None # If the log directory doesnt exist - create it and set the permissions [[ ! -d "${logDir}" ]] && mkdir -p "${logDir}" chmod 775 "${logDir}" # If the log file does not exist - create it and set the permissions [[ ! -f "${logFile}" ]] && touch "${logFile}" chmod 644 "${logFile}" } function logMe () { # Basic two pronged logging function that will log like this: # # 202-12-04 12:00:00: Some message here # # This function logs both to STDOUT/STDERR and a file # The log file is set by the $LOG_FILE variable. # # RETURN: None echo "${1}" 1>&2 echo "$(date '+%Y-%m-%d %H:%M:%S'): ${1}" >> "${logFile}" } ################### # Main Script ################### create_log_directory # Make sure Superman is installed first if [[ ! -e /usr/local/bin/super ]]; then logMe "S.U.P.E.R.M.A.N. is not installed...installing now" jamf policy -trigger ${JAMFPolicy} sleep 5 super --test-mode-off --workflow-disable-relaunch fi # Build the super command string if [[ "${osInstallType:l}" != "download" ]]; then CommandString+=" --display-notifications-centered=ALWAYS" CommandString+=" --dialog-timeout-power-required=1800" CommandString+=" --dialog-timeout-user-auth=600" CommandString+=" --dialog-timeout-user-choice=600" ComamndString+=" --dialog-timeout-user-schedule=600" CommandString+=" --dialog-timeout-soft-deadline=600" CommandString+=" --display-hide-background=DEADLINE" #CommandString+=" --auth-jamf-client=${JAMFClientID}" #CommandString+=" --auth-jamf-secret=${JAMFSecret}" fi CommandString+=" --dialog-timeout-default=600" CommandString+=" --display-icon-file='${IconPath}'" CommandString+=" "${VerboseMode} CommandString+=" --auth-credential-failover-to-user" case "${osInstallType:l}" in "download" ) logMe "Download only of OS (${osForceVersion}) for prestage purposes" CommandString+=" --workflow-only-download" CommandString+=" --install-macos-major-upgrades" [[ ! -z "${osForceVersion}" ]] && CommandString+=" --install-macos-major-version-target="${osForceVersion} ;; "minor" ) logMe "Installing minor updates immediately" CommandString+=" --install-macos-major-upgrades-off" CommandString+=" --install-non-system-updates-without-restarting" CommandString+=" --install-macos-major-version-target=X" CommandString+=" --workflow-only-download-off" CommandString+=" --workflow-install-now" CommandString+=" --workflow-disable-relaunch" ;; "major" ) logMe "Installing Major OS update immediately" CommandString+=" --workflow-only-download-off" CommandString+=" --install-macos-major-upgrades" CommandString+=" --workflow-install-now" CommandString+=" --workflow-reset-super-after-completion" [[ ! -z "${osForceVersion}" ]] && CommandString+=" --install-macos-major-version-target="${osForceVersion} CommandString+=" --deadline-count-focus="${DeferralCount} CommandString+=" --deadline-count-soft="${DeferralCount} ;; "defer-major" ) logMe "Performing Major Deferral installation" CommandString+=" --deferral-timer-menu="${DeferralTime} CommandString+=" --deferral-timer-focus=15" CommandString+=" --deadline-date-soft="${DeadLineSoftDate} CommandString+=" --deadline-count-soft="${DeferralCountSoft} CommandString+=" --deadline-date-focus="${DeadLineDate} CommandString+=" --deadline-count-focus="${DeferralCount} CommandString+=" --scheduled-install-user-choice" CommandString+=" --scheduled-install-reminder=120,60,5" CommandString+=" --install-macos-major-upgrades" CommandString+=" --workflow-install-now-off" CommandString+=" --workflow-only-download-off" #CommandString+=" --workflow-reset-super-after-completion" [[ ! -z "${osForceVersion}" ]] && CommandString+=" --install-macos-major-version-target="${osForceVersion} ;; "defer-minor" ) logMe "Performing Minor Deferral installation" CommandString+=" --deferral-timer-menu="${DeferralTime} CommandString+=" --deferral-timer-focus=15" CommandString+=" --deadline-date-soft="${DeadLineSoftDate} CommandString+=" --deadline-count-soft="${DeferralCountSoft} CommandString+=" --deadline-date-focus="${DeadLineDate} CommandString+=" --deadline-count-focus="${DeferralCount} CommandString+=" --install-non-system-updates-without-restarting" CommandString+=" --install-macos-major-version-target=X" CommandString+=" --install-macos-major-upgrades-off" CommandString+=" --workflow-install-now-off" CommandString+=" --workflow-only-download-off" CommandString+=" --scheduled-install-user-choice" CommandString+=" --scheduled-install-reminder=120,60,5" #CommandString+=" --workflow-reset-super-after-completion" CommandString+=" --workflow-disable-relaunch-off" ;; "reset" ) logMe "Resetting Superman back to default settings" CommandString+=" --reset-super" ;; esac # Make sure that the icons are loaded first if [[ ! -z "${IconPath}" ]] && [[ ! -e "${IconPath}" ]]; then jamf policy -trigger $JAMFIconPolicy fi # execute the command logMe "Executing S.U.P.E.R.M.A.N. with the following string: ${CommandString}" eval "super ${CommandString}" exit 0

 

 

and the corresponding parameters screen that goes along with it:

 

 

and a sample with the parameters filled in:

 

Be the first to reply!
Terms & ConditionsCookie settingsAccessibility statement