
Hi all,

 

Lots of threads out there but have not found a definitive answer.

 

I am using Graham Pugh's erase install script. It is working flawlessly on both architectures. My question(s) are:

Has anyone gotten around the need to be logged into a Mac to enter credentials for a secure token user?
If the answer is yes, how?
Is there a way to hard code credentials (bad but effective) in the script? Or, is there a way to be able to enter them into Parameter fields in Jamf (better)?

I manage a computer lab and logging into 700 endpoints to enter these credentials is going to bring sadness.

TIA,

/randy

If I remember correctly, anything involving OS updates and upgrades requires a GUI interaction from a user unless it comes from an MDM command with a bootstrap token on Apple Silicon. I don't think you can bypass this check with the CLI; you must use MDM commands for no user interaction.

JAMF does not really advertise this very much, but the "Wipe Computer" MDM command should leave the Mac at Setup Assistant when it's done.


The thing that requires the password is Apple Silicon Macs. See erase-install documentation here. #JustAppleThings

If MDM update commands work for you, do as @AJPinto said.



@AJPinto wrote:

If I remember correctly, anything involving OS updates and upgrades requires a GUI interaction from a user unless it comes from an MDM command with a bootstrap token on Apple Silicon. I don't think you can bypass this check with the CLI; you must use MDM commands for no user interaction.

JAMF does not really advertise this very much, but the "Wipe Computer" MDM command should leave the Mac at Setup Assistant when it's done.


Can this be done on a group of computers? I have only seen the command in the inventory record of individual Macs. In other words, one at a time. If it is there I am just not seeing it.





I do not think you can wipe multiple devices with a mass action. I see there being a LOT of risk in bulk wiping devices, so it's something JAMF has not implemented.

 

It looks like you can script the Erase Device MDM command with JAMF API and the computercommands endpoint. However, I would be extremely careful with this.

 


This is the documentation that I have been using and it has been working.
https://www.jamf.com/blog/reinstall-a-clean-macos-with-one-button/

I have a policy that runs this command in the "Execute Command" field on the Files and Processes page.

echo 'P@55w0rd' | '/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall' --eraseinstall --agreetolicense --forcequitapps --newvolumename 'Macintosh HD' --user adminuser --stdinpass

Just replace the echoed password at the beginning of the command and set the username towards the end.


We have a bit of a moving target as we have two accounts for different admin purposes. Not all of the Macs have had either logged into them. Let's call them Admin-Mary and Admin-Bob. In some cases, Bob has logged in and in other instances, Mary has, and complicating things, there are some machines that neither of them has logged into, nor do they show up in the Secure Token Users list in inventory.
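To sort out which of the 700 Macs can actually be erased without a hands-on visit, here is an added example (not code from this thread, from erase-install or from Jamf) of a Jamf extension-attribute style script: it reports whether each named admin account holds a secure token and whether the bootstrap token is escrowed to the MDM, so a smart group can separate the "MDM Wipe Computer will work" Macs from the ones that still need someone at the keyboard. The account names Admin-Mary and Admin-Bob are the placeholders from the post above, and the parsing assumes the status strings that `sysadminctl -secureTokenStatus` and `profiles status -type bootstraptoken` print.

```bash
#!/bin/bash
# Added example, not from the thread, erase-install or Jamf.
# Per named admin account: does it hold a secure token? Plus: is the bootstrap
# token escrowed to the MDM? Output is formatted for a Jamf extension attribute.
# "Admin-Mary" / "Admin-Bob" are the placeholder names from the thread.

ADMIN_ACCOUNTS="Admin-Mary Admin-Bob"

# Classify one account from the text `sysadminctl -secureTokenStatus <user>` prints.
token_state_from_output() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo "ENABLED" ;;
    *"Secure token is DISABLED"*) echo "DISABLED" ;;
    *)                            echo "UNKNOWN" ;;   # no such account, or format changed
  esac
}

# Read escrow status from the text `profiles status -type bootstraptoken` prints.
bootstrap_escrowed_from_output() {
  case "$1" in
    *"escrowed to server: YES"*) echo "YES" ;;
    *)                           echo "NO" ;;
  esac
}

# Build the one-line result. Args: escrow flag (YES/NO), then "user=STATE" pairs.
# Ends with ok=yes when an unattended erase is plausible (escrowed bootstrap token,
# or at least one admin with a secure token), ok=no when someone must log in first.
build_report() {
  local escrow="$1" ok="no" pair
  shift
  [ "$escrow" = "YES" ] && ok="yes"
  for pair in "$@"; do
    case "$pair" in *=ENABLED) ok="yes" ;; esac
  done
  echo "bootstrap=$escrow $* ok=$ok"
}

# Only query the system when the macOS tools exist; the parsers above are pure,
# so the script can be exercised on any shell with constructed sample output.
if command -v sysadminctl >/dev/null 2>&1 && command -v profiles >/dev/null 2>&1; then
  pairs=""
  for u in $ADMIN_ACCOUNTS; do
    # sysadminctl writes its status line to stderr, hence 2>&1
    state=$(token_state_from_output "$(sysadminctl -secureTokenStatus "$u" 2>&1)")
    pairs="$pairs $u=$state"
  done
  escrow=$(bootstrap_escrowed_from_output "$(profiles status -type bootstraptoken 2>&1)")
  # shellcheck disable=SC2086  (word-splitting $pairs is intended)
  echo "<result>$(build_report "$escrow" $pairs)</result>"
fi
```

Run it as root (Jamf extension attributes already do); `profiles status -type bootstraptoken` needs that, and a Mac reporting `ok=no` is one where neither admin can drive erase-install until a token holder signs in or the bootstrap token gets escrowed.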