Resetting authchanger after Mac Os upgrade

b_rant
New Contributor II

Hello all,

New to Jamf Pro here and I am currently setting up a Big Sur upgrade.
I am currently trying to come up with the best way to re enable the login window for Jamf Connect after the upgrade as mentioned here. https://docs.jamf.com/jamf-connect/2.1.2/administrator-guide/Re-enabling_the_Login_Window_after_a_Ma...

I am using the script found here in self service to install the OS upgrade.
https://github.com/kc9wwh/macOSUpgrade/blob/master/macOSUpgrade.sh

I have a script created and login hooks set up. I am currently trying to scope it to computers that have just installed macOS Big Sur.

My question is this:

  1. What criteria should I be using to scope it to computers that have just installed mac OS, rather than all computers on Big Sur.
  2. Is there a better way to ensure the authchanger reset is run post upgrading ?

Any guidance on this is appreciated! Thanks.

1 REPLY 1

PerryK
New Contributor III

How did you go ?

I've not tried it, however I'm going to give this a shot once back in the office and pushing some machines to Big Sur: https://github.com/kennyb-222/NoMADLoAD_AppleStagedUpdates/

For a low tech version, you could create a policy targeted toward Big Sur devices, set to run once per computer, and use file/process setting to run authchanger -reset -AD.

Alternatively, a different approach might be to run a script which calls the API to set an EA before you call the macOSUpgrade script. Then have a policy run for any system which has that EA set which runs authchanger and clears the EA.