Question

Yet another Software Updates thread.

  • February 9, 2022
  • 14 replies
  • 68 views


Hello,

We are getting really frustrated with the ability not to control updates. With every release of macOS it seems to get worse. It gets extra annoying with people that have M1's that are standard accounts as well. We've tried a mix of scripts and things like install or defer. Simple commands like softwareupdate but now there is some bug where it just hangs and then recon and check-in breaks (also doesn't work for M1's). The MDM command mass action for update also is not really reliable. In general all the above for some machines it works ok but for a majority it's a huge fail. We are currently on Monterey latest for the most part and trying to get the rest of the people on Big Sur to upgrade. A big thing is not impacting people while working but at this point we are just tempted to force updates during a specific time of day. It seems like deferrals also just cause issues and aren't reliable.

 

What have people come up with that has a high success rate?

14 replies

  • Contributor
  • February 9, 2022

I'm tired of trying to figure out how to run Mac OS Updates myself. Nothing works. What have you tried, so I can test it out myself?


  • Author
  • Contributor
  • February 9, 2022

I'm tired of trying to figure out how to run Mac OS Updates myself. Nothing works. What have you tried, so I can test it out myself?


The most simple command to install all updates and force restart is:

sudo softwareupdate -i -a -R

You add it to scripts and just set it up with a policy. Though this won't give a warning to users and will just start the restart once it's done.

Mass Action:

https://docs.jamf.com/best-practice-workflows/jamf-pro/managing-macos-updates/Updating_macOS_Using_a_Mass_Action.html

Using Policy (Never really works):

https://docs.jamf.com/best-practice-workflows/jamf-pro/managing-macos-updates/Running_Software_Update_Using_a_Policy.html

 

Install or Defer (works fairly decent and has some extra options):

https://github.com/mpanighetti/install-or-defer

 

For upgrades (worked for a majority of people from Big Sur to Monterey):

https://github.com/kc9wwh/macOSUpgrade

Best is to cache the macOS pkg and then run this.

 


  • Employee
  • February 9, 2022

Have you tried erase-install.sh?

 

https://github.com/grahampugh/erase-install


  • Author
  • Contributor
  • February 9, 2022

Have you tried erase-install.sh?

 

https://github.com/grahampugh/erase-install


I will give this a shot.

 

Thanks


sdagley
  • Jamf Heroes
  • February 9, 2022

@fimi I have not used it in Production, but in testing the MDM update command using the "Update OS version and built-in apps (macOS 10.11 or later, Supervised or enrolled via a PreStage enrollment)" selection with the "Specific version: 12.2" and "Download and install the update, and restart computers after installation" options was reliable for upgrading Big Sur machines to Monterey 12.2. Using the "Download and allow macOS to install later" option for that did NOT work.


bwoods
  • Honored Contributor
  • February 9, 2022

  • New Contributor
  • February 9, 2022

On your M1 devices this has been working for us on the Monterey builds:

/usr/sbin/softwareupdate -aiR --user "$SecureTokenUser" --stdinpass "$SecureTokenUserPassword"


  • Contributor
  • February 10, 2022

Using this script has allowed a majority of my end-users to manually authorize the update from self-service. Works for both M1 and Intel based Macs. 

Note: A Monterey installer is required on each machine prior to running this. 


Hugonaut
  • Esteemed Contributor
  • February 11, 2022

@fimi

I created this workflow, it works flawlessly every time. Takes into account Intel/M1, standard users & allows you to pass administrator credentials via jamf parameters for standard accounts. In your case with standard users, do not use scripts ending in #2 & #3, you just need to use scripts ending in #1 & #4. If you have a mixed environment, just include all of the scripts, even if they're standard it will fail & fall back to using the final script to run the install command as admin.

 

https://github.com/Rocketman-Tech/Upgrade-to-macOS-Monterey


  • New Contributor
  • February 16, 2022

I think some people in this thread are a little confused. What the OP is referring to is SEQUENTIAL OS updates, e.g. 12.2 to 12.2.1, NOT OS upgrades, e.g. Big Sur to Monterey. Our org also uses install or defer and yes it is completely broken right now in Monterey for Intel machines (M1 still appears to be working). We have no new solution for updates and are extremely frustrated as well.


Hugonaut
  • Esteemed Contributor
  • February 16, 2022

@PEBKAC  If the machine/account has a securetoken & bootstrap token escrowed, the mdm deferral command via jamf allows incremental updates for macOS 12.0.1 & Up.


  • Author
  • Contributor
  • February 18, 2022

I think some people in this thread are a little confused. What the OP is referring to is SEQUENTIAL OS updates, e.g. 12.2 to 12.2.1, NOT OS upgrades, e.g. Big Sur to Monterey. Our org also uses install or defer and yes it is completely broken right now in Monterey for Intel machines (M1 still appears to be working). We have no new solution for updates and are extremely frustrated as well.


@PEBKAC To be honest it's kind of both.


  • Author
  • Contributor
  • February 18, 2022

So far https://github.com/grahampugh/erase-install is working. For example to get 12.2.1 the command would be in the policy:

/Library/Management/erase-install/erase-install.sh --build=21D62 --update --reinstall --confirm --depnotify

Pros:

So far it's worked on every machine. 

Ideal for Self Service for Standard users.

The only cons I find:

- It downloads the whole package (takes long). Though you can probably cache the download beforehand.

- Users can still exit the update before it actually starts. A prompt is shown.

- Really only ideal from Self Service. Meaning no check-in policies. Otherwise after a reboot even with a recon policy on startup it may not work and still report an old OS version and try to run again. So those people that never update are still hard to do. Even if you force it on them they can technically cancel unless you remove it from the script. Then if you remove it from the script you might have a very upset employee where their computer rebooted mid meeting.
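
The re-run problem described in the last point (inventory still reporting the old OS version after the reboot, so the policy fires again) can be guarded against on the client by comparing the local build with the target before calling erase-install. This is an added example, not part of the original post or of the erase-install project; the function names, the use of Jamf script parameter 4 for the target build, and the assumed build format (digits, one capital letter, digits, optional lowercase suffix) are assumptions.

```shell
#!/bin/sh
# Added example: run the update only when the Mac is really below the target build.

# Split a build string such as 21D62 into "21 D 62"; prints nothing if it does not match.
parse_build() {
    printf '%s\n' "$1" | sed -n -E 's/^([0-9]+)([A-Z])([0-9]+)[a-z]?$/\1 \2 \3/p'
}

# build_ge CURRENT TARGET
# Returns 0 if CURRENT is the same as or newer than TARGET, 1 if older,
# 2 if either string is not a build number.
build_ge() {
    cur=$(parse_build "$1"); tgt=$(parse_build "$2")
    [ -n "$cur" ] && [ -n "$tgt" ] || return 2
    set -- $cur $tgt    # $1-$3 = current parts, $4-$6 = target parts
    [ "$1" -ne "$4" ] && { [ "$1" -gt "$4" ]; return; }
    [ "$2" != "$5" ] && { expr "$2" \> "$5" >/dev/null; return; }
    [ "$3" -ge "$6" ]
}

main() {
    target="$1"
    current=$(/usr/bin/sw_vers -buildVersion)
    rc=0
    build_ge "$current" "$target" || rc=$?
    case "$rc" in
        0)  # Already updated: refresh inventory so the policy scope drops this Mac.
            echo "Already on $current (target $target); running recon only."
            /usr/local/bin/jamf recon
            ;;
        1)  # Below target: same erase-install call as in the post above.
            /Library/Management/erase-install/erase-install.sh \
                --build="$target" --update --reinstall --confirm --depnotify
            ;;
        *)  echo "Cannot compare builds '$current' and '$target'" >&2
            return 1
            ;;
    esac
}

# Jamf passes custom script parameters starting at $4 (assumed here: target build, e.g. 21D62).
if [ -n "${4:-}" ]; then
    main "$4"
fi
```
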


bwoods
  • Honored Contributor
  • May 17, 2022