Admin credentials not working for OS upgrade unless signed in

New Contributor III

I've run into this issue a few times on different machines, where i let a user upgrade to the next macos version and after downloading the update it prompts admin credentials to install. Neither the local admin or the user's secondary admin accounts work and the only way to upgrade the macos is to sign out of the standard user, sign in as one of the admin accounts and run the update there. Is anyone else running into this issue too or found any solutions? It isnt bad when they are in the office, but remote users without access to admin accounts are unable to upgrade their os. 


And yes, jamf has the software update ability, but ive yet to see that succeed in working for major updates. 


Valued Contributor II

sounds like secure token / bootstrap etc.. .. check this video from the the most excellent folks over at Mac Sys Admin

If you've got your fleet onto macOS 14 (and you really should) OS updates are... better.. with JAMF / DDM etc.. 


Honored Contributor II

Major OS Upgrades require both a Secure Token and Admin access to install.

  • If you user does not have admin access, they cannot authorize a Major OS Update.
  • If your local admin does not have a Secure Token, it cannot authorize any OS updates.


Accounts created with prestage enrollment do not get a Secure Token until AFTER they log in interactively for the 1st time. Apple has a feature request open to change this behavior, though lord only knows when they will "fix" this.