Allow ALL USERS to update osx

wifichallenges
Contributor

Hey, I am having some trouble with updates to OSX. A previous admin had deployed a script to defer upgrades, but while speaking with JAMF support this morning, we think it might be causing a wireless profile problem.

So I have disabled the script now. However, admin and also limited users can no longer update OSX.

I would like to have ANY user that can log into the machine able to perform OSX updates. OSX loves its updates.

Does anyone know how I can get any user on the machine to download and run updates? It's OSX 11.0.1. Jamf has a policy update setting, but there is only one item in there...
Under configuration profiles, there are more settings, but I don't know what to put in for "update server" as we don't have one.

EDIT: I re-applied the script, it was from here:
https://github.com/bp88/JSS-Scripts/blob/master/AppleSoftwareUpdate.sh

However, it still has not solved the problem.
Anyone have any idea how I can do updates again?

The errors I am getting are as follows; I will attempt to search them out.

error: XPC: synchronousRemoteObjectProxyWithErrorHandler encountered error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.Maps.MapsSync.store was invalidated.}
OD password verification returned Error Domain=com.apple.OpenDirectory Code=5100 "Could not verify credentials because directory server does not support the requested authentication method." UserInfo={NSLocalizedDescription=Could not verify credentials because directory server does not support the requested authentication method., NSLocalizedFailureReason=Could not verify credentials because directory server does not support the requested authentication method.}
Authentication failed for <private>: ODErrorCredentialsMethodNotSupported

Edit3: I should also say that the admin password works everywhere else, just not for updates. I was able to create a new admin user, and it works to go through the prompt, but it just says "some updates could not be installed" before it does anything. Then it creates the following entries in the console:

System Policy: UserEventAgent(102) deny(1) file-read-data /private/var/db/installcoordinationd/Library/InstallCoordination
auid=-1 for audit token; falling back to ruid=200
Connection to auth agent invalidated
[SUMacControllerAuthentication] Failed to obtain SSO service ticket with error: Error Domain=IASAuthenticationErrorDomain Code=800
Opendriectory settings cache entry missing
[CLIENT_IPC] Performed se command: CommitStash | FAILURE
[CallCompletion] Calling completion from SUMacControllerClientRequest for command SUMacControllerCommandCommitStash with error: Error Domain=SUMacControllerError Code=7748 "[SUMacControllerErrorCommitStashFailed=7748] Failed to commit stash: [MobileSoftwareUpdateErrorDomain(MSU):MSU_ERR_NO_SUSPENDED_UPDATE(5)]" UserInfo={NSUnderlyingError=0x148ffa3c0 {Error Domain=MobileSoftwareUpdateErrorDomain Code=5 "Update could not be resumed from: /System/Volumes/Update/Update.plist" UserInfo={NSLocalizedDescription=Update could not be resumed from: /System/Volumes/Update/Update.plist}}, SUMacControllerErrorIndicationsMask=0, NSDebugDescription=[SUMacControllerErrorCommitStashFailed=7748] Failed to commit stash: [MobileSoftwareUpdateErrorDomain(MSU):MSU_ERR_NO_SUSPENDED_UPDATE(5)], NSLocalizedDescription=Failed to save user credentials for software update.}
[DIAG_END] ...[SUMacController]SUMacControllerCommandCommitStash | result=7748 error:Error Domain=SUMacControllerError Code=7748 UserInfo={NSUnderlyingError=0x148ffa3c0 {Error Domain=MobileSoftwareUpdateErrorDomain Code=5 UserInfo={NSLocalizedDescription=<private>}}, SUMacControllerErrorIndicationsMask=0, NSDebugDescription=<private>, NSLocalizedDescription=<private>}
SUOSURestartCountdownOperation: Failed to queue update for post-logout
System Policy: dirhelper(2310) deny(1) file-write-create /System/Volumes/Hardware/.Trashes

wifichallenges
Contributor

Actually, I think this is just one laptop with this problem. So I probably screwed it up in my testing. Jamf sent me this helpful email about updates, so I am going to reproduce that here in case it helps someone.

When I updated the script, it seems that fixed the issue with most laptops.

Thanks for the update! We have a few different options for macOS Software Updates:

  1. We can use the "Software Update" payload of a Computer configuration profile in Jamf Pro to "Automatically install macOS updates" on computers, which would mean that we would not need any additional scripting.
  2. We can use a Policy in Jamf Pro to run Software Update: https://docs.jamf.com/10.28.0/jamf-pro/administrator-guide/Running_Software_Update.html
  3. We can use the "Download/Download and Install Updates" Management command from the Management tab of the computer's record (or via Mass Action): https://docs.jamf.com/10.28.0/jamf-pro/administrator-guide/Remote_Commands_for_Computers.html

Let me know if you have any questions or if you are able to get the script working again!
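
For reference, option 1 from the email written out as a raw configuration profile. This is an added example, not part of the Jamf email or the thread; the organization name, payload identifiers and UUIDs are constructed placeholders. It also sets the `restrict-software-update-require-admin-to-install` key, which is the setting that governs whether standard users may install updates, and omits `CatalogURL` because no internal update server is assumed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Added example: computer-level profile carrying one com.apple.SoftwareUpdate payload. -->
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadScope</key><string>System</string>
  <key>PayloadDisplayName</key><string>Software Update (example)</string>
  <!-- Constructed placeholder identifier and UUID -->
  <key>PayloadIdentifier</key><string>com.example.profile.softwareupdate</string>
  <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000001</string>
  <key>PayloadOrganization</key><string>Example Org</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.SoftwareUpdate</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.profile.softwareupdate.payload</string>
      <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000002</string>

      <!-- Check for and download updates in the background -->
      <key>AutomaticCheckEnabled</key><true/>
      <key>AutomaticDownload</key><true/>

      <!-- "Automatically install macOS updates" from the Jamf Pro payload UI -->
      <key>AutomaticallyInstallMacOSUpdates</key><true/>

      <!-- Security responses and system data files (XProtect, Gatekeeper data) -->
      <key>CriticalUpdateInstall</key><true/>
      <key>ConfigDataInstall</key><true/>

      <!-- false = do not require an administrator to install updates -->
      <key>restrict-software-update-require-admin-to-install</key><false/>

      <!-- CatalogURL is intentionally omitted: with no internal update
           server the client uses Apple's default catalog. -->
    </dict>
  </array>
</dict>
</plist>
```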

wifichallenges
Contributor

OK the ones that were broken, I was able to fix by simply running the following command and rebooting:

sudo nvram -c