Posted on 03-10-2021 08:32 AM
I was wondering if there was anybody out there who had come up with a good workflow for allowing non-admin users on Big Sur to update their computers. We are a K-12 environment with a really large fleet and having to ask an admin to enter credentials is a huge headache.
Posted on 03-10-2021 08:46 AM
Take a look at Upgrade to macOS Big Sur using Self Service with Jamf Pro from HCS.
Posted on 03-10-2021 08:56 AM
I just want to say I second @shaquir. This method has so far worked on our test machines. The only caveat I would say about the macOS update script is by default it has in it require 48 gb for macOS 11. I found that number almost impossible to hit with everyone have 128 gb airs. Just a thought.
Posted on 03-10-2021 10:02 AM
If you are looking to just do updates and not upgrade, I have this script that lists the updates that were installed and when, shows the updates that are available for the specific system, then prompts the user to update or do it later.
exec >> "/Library/Logs/My Script.log" 2>&1
echo " $0" date "%A %B %d, %Y %H:%M"
" "
echo ""
/usr/bin/osascript -e '
tell application "System Events"
activate
set thisday to do shell script "date %m/%d/%Y"
set updatehistory to do shell script "softwareupdate --history | cut -c -42,62-72"
set updatelist to do shell script "softwareupdate --list"
display dialog "Good morning! Today is " & thisday & " The following are the updates installed and when: " & updatehistory & " " buttons ("Next") default button "Next" with title "Apple Software Updates"
display dialog "Installing any SECURITY or OS UPDATES, will FORCE the system to RE-BOOT." & "
Here are the available updates for your system:
" & updatelist & "
______________ updates listed above ______________
Do you want to install updates now? " buttons ("Later","Ok") default button "Later" with title "Available Apple Software Updates"
if button returned of result = "Ok" then
display dialog "Running Software Update now..." with icon caution
do shell script "softwareupdate -ia"
else if button returned of result = "Later" then
display dialog "Will install updates later. Remember to keep your system up-to-date." with icon caution
end if
end tell'
echo " $0 Completed " date "+%A %B %d, %Y %H:%M"
" "
Posted on 03-11-2021 05:18 PM
@shaquir , @sharriston , and @cnorrisAdmin that's interesting but looks like a way to upgrade to Big Sur using Self Service or update Big Sur systems with user interaction. I believe what @jonathan.massey is looking for (and what I am looking for) is a way to update Big Sur to the latest Apple software updates without admin access. I would even prefer a way to apply updates with no user interaction. Does anybody know a way to do that in Big Sur?
Posted on 03-12-2021 04:33 AM
In my testing I have found that all previous Self Service upgrading has been super inconsistent in Big Sur. I found a discussion that basically said to run a script which opens the Software Update preference pane and to make sure you have a configuration profile that allows standard users to install updates. Would you like either of those things posted?
Posted on 09-10-2021 08:35 AM
Can you let me know how to have a configuration profile that allows standard users to install updates? I'm having a hard time finding the option.
Posted on 03-12-2021 05:21 AM
I just use a script to call /Applications/Install macOS Big Sur.app/Contents/Resources/startosinstall
Arguments I use
agreetolicense
forcequitapps
Posted on 03-12-2021 12:07 PM
@sharriston the OP might be interested but I need to do updates at the loginwindow with no user logged in. Thanks @Cayde-6 , I've seen online that doing the full install every time will provide updates, but I was hoping to avoid the ~30 minutes that takes to run and having the full installer on every machine.
I've hijacked this ticket enough, so anybody interested in updating Big Sur at the loginwindow, with no interactive user logged in, I have another discussion going here.
Posted on 03-12-2021 02:20 PM
Using a script to call softwareupdate should suffice.
I have a daily script that lists and downloads available updates. A smart group is scoped to prompt the user to “install” these pending updates with a timeout of 9 hours. This allows the user to work through a business day without impact and / or execute at their convenience (ie. at lunchtime).
Posted on 03-14-2021 05:35 AM
Not sure if it works with Big Sur, but for lower macOS versions, this worked at the Login Window:
softwareupdate --install --all --agreetolicense --nointeraction --forcequitapps && reboot
Posted on 03-15-2021 06:19 PM
Yeah @donmontalvo , unfortunately that doesn't work in Big Sur. There is a known problem with updates with no user logged in in Big Sur. Also, I don't think some of those flags are valid in the Big Sur version of softwareupdate.
Posted on 07-16-2021 01:54 AM
I'm currently testing how to let users install Big Sur via VPP (and made available in Self Service), with the catch being that the users are not admins. Right now, it prompts the user to enter admin credentials
Is there a way to bypass this?
Regards
Tab Nawaz
Posted on 10-27-2021 04:36 PM
Was there a solution on installing Big Sur updates without admin rights?
Posted on 10-29-2021 02:09 PM
I would also like to know the answer here...
currently i am trying to get this working:
but it is a bit complicated. If there was a simple setting. Like for instance on windows GPO, you can set "allow limited users to install updates" and boom done. Does jamf have a similar setting? I dont care about forcing it at this time, i just want to allow the user to install without admin privs.
Posted on 10-29-2021 03:58 PM
The short answer is, as far as I know, there is no easy way to allow standard users to do OS upgrades. One thing I got working is putting the Big Sur installer on the machine. Then I run the installer via a script as a policy in JAMF, with the adminuser password stored as Parameter 4 in the policy. (This requires a admin user account that is allowed to do OS updates on the machine.)
echo $4 | /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --user adminuser --stdinpass
This isn't the most secure, but it's the only option I've found to automate the process. I don't use Self Service, so you may want to caution users that this will start the update immediately, so save your work, yada, yada, yada.