Help

12.6.3 getting Delta update to Ventura? Is this correct?

szultzie
Contributor II

Posted on ‎02-15-2023 05:12 AM

So i have noticed that over the last few weeks my 12.6.2 and 12.6.3 machines are getting the macOS Ventura Delta update not upgrade anymore.

 

Is this correct?

 

I found this when running my weekly softwareupdate -iaR command on my classrooms/labs machines to keep them patched.

 

According to Appel an Jamf this should not be happening.  Did Appel release yet another bug? Or is this intended behavior and if ti is intended why only some of the machiens are doign this vs all of them in scope of my policy?

 

While troubleshooting i ran this on a machine manually in terminal and it did it.  I forgot to check what the Software Update Pref pane showed before i started, will check a few more machines.Screen Shot 2023-02-15 at 8.06.05 AM.png

0 Kudos
8 REPLIES 8

szultzie
Contributor II

Posted on ‎02-15-2023 05:43 AM

Found another one, clearly it shows the upgrade in Software Updates, but the command is installing Ventura.  Couldn't catch to see how big the download was, it went awya pretty quick.

Screen Shot 2023-02-15 at 8.25.53 AM.png

0 Kudos

jtrant
Valued Contributor

‎02-15-2023 06:45 AM - edited ‎02-15-2023 06:46 AM

https://support.apple.com/en-ca/HT213471

You will likely need to configure a Major OS Deferral period. This can be configured up to a maximum deferral period of 90 days.

This has been discussed before on Jamf Nation: https://community.jamf.com/t5/jamf-pro/can-t-stop-ventura-upgrades-any-more/m-p/280884

0 Kudos

szultzie
Contributor II
In response to jtrant

Posted on ‎02-15-2023 06:48 AM

We are past the 90 day major os deferral period for Ventura, and that is configured currently.

My issue is that Ventura is being treated as a minor update once again.  The softwareupdate command should never push an "upgrade" according to apple. 

And more aggravating its not consistent. If all my lab machines went to Ventura when i ran the comand so be it, but its like a few each week i run the command, and i tested it manually and some did ti and others didnt.

0 Kudos

jtrant
Valued Contributor

Posted on ‎02-15-2023 07:26 AM

I hear you, the inconsistency is frustrating.

We stopped patching using softwareupdate a while back, mostly because of the limitations around Apple Silicon, but also because it gives us greater control over the updates being installed.

Using the Classic API and ScheduleOSUpdate MDM command, I've been able to patch headless Macs and keep them on the same Major OS. This is not built into the UI yet, so we had to build our own scripting to make this happen.

0 Kudos

szultzie
Contributor II

Posted on ‎02-15-2023 07:39 AM

So can you share a top level overview of how this script works?  Do you ahve to tell it each update manually or does it look for the updates itself?

Apple just got back to me saying that the  softwareupdate -iaR will run all applicable, updates, but they cant tell me how apple decides what is applicable to the machine.

This is a room of 40 identical model year and OS macs, how come half get the Ventura update to be applicable?

Yes very frustrating.

I think they have a bug or its part of the plan to force to Venture (and beyond) whenever they want. No more control for admins.  Not going over well with my management thats for sure.

-Pete

0 Kudos

jtrant
Valued Contributor
In response to szultzie

Posted on ‎02-15-2023 08:16 AM

We built a script to target a smart group with the ScheduleOSUpdate MDM command via the API. This is triggered via a cron job on a server hosted within the same subnet as Jamf Pro for security. The account used also has limited permissions.

Here's the documentation we used to build the script:

https://community.jamf.com/t5/jamf-pro/how-to-get-list-of-computers-in-batch/m-p/159521

https://developer.jamf.com/jamf-pro/reference/createcomputercommandbycommandandaction

Delta updates are a sneaky way of pushing users onto Ventura, but we've shared the following annotated screenshot with end-users in all communications:
macOS Software Update (ignore Ventura).png

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎02-15-2023 07:45 AM

It really annoys me that Apple is doing this. I can't help but believe that they do this so they can "tout" upgrade statistics for their new OS release at the next WWDC. I mean, sure, if you're sneakily slipping in full OS "upgrades" into an update cycle, then your upgrade numbers will look great. But what they are doing is just wrong and even a bit shady, frankly. Installing available software updates should NOT upgrade the entire OS to a new version like this!

I've had to instruct our end users to NOT try to install this until we fully test it out and make sure everything in our environment works with it. The 90 day deferral isn't really very long, but it's all they give us. Very aggravating to say the least.

scottb
Honored Contributor
In response to mm2270

Posted on ‎02-15-2023 03:16 PM

Yep, in my 35+ years of using and supporting Macs, this has been a nightmare and I've never been so angry at Apple for the changes they've made that add no value, and frankly make things worse.
System Settings is another gripe for Ventura.  This last year has been a royal PITA.  I can't even imagine another OS coming this fall when we're just starting to get some traction with Ventura.

0 Kudos