I was wondering if there was anybody out there who had come up with a good workflow for allowing non-admin users on Big Sur to update their computers. We are a K-12 environment with a really large fleet and having to ask an admin to enter credentials is a huge headache.
I just want to say I second @shaquir. This method has so far worked on our test machines. The only caveat I would say about the macOS update script is by default it has in it require 48 gb for macOS 11. I found that number almost impossible to hit with everyone have 128 gb airs. Just a thought.
If you are looking to just do updates and not upgrade, I have this script that lists the updates that were installed and when, shows the updates that are available for the specific system, then prompts the user to update or do it later.
exec >> "/Library/Logs/My Script.log" 2>&1
echo " $0"
set updatehistory to do shell script "softwareupdate --history | cut -c -42,62-72"
set updatelist to do shell script "softwareupdate --list"
display dialog "Good morning! Today is " & thisday & " The following are the updates installed and when: " & updatehistory & " " buttons ("Next") default button "Next" with title "Apple Software Updates"
display dialog "Installing any SECURITY or OS UPDATES, will FORCE the system to RE-BOOT." & "
Here are the available updates for your system:
" & updatelist & "
______________ updates listed above ______________
Do you want to install updates now? " buttons ("Later","Ok") default button "Later" with title "Available Apple Software Updates"
if button returned of result = "Ok" then
display dialog "Running Software Update now..." with icon caution
do shell script "softwareupdate -ia"
else if button returned of result = "Later" then
display dialog "Will install updates later. Remember to keep your system up-to-date." with icon caution
echo " $0 Completed "
date "+%A %B %d, %Y %H:%M" " "
@shaquir , @sharriston , and @cnorrisAdmin that's interesting but looks like a way to upgrade to Big Sur using Self Service or update Big Sur systems with user interaction. I believe what @jonathan.massey is looking for (and what I am looking for) is a way to update Big Sur to the latest Apple software updates without admin access. I would even prefer a way to apply updates with no user interaction. Does anybody know a way to do that in Big Sur?
In my testing I have found that all previous Self Service upgrading has been super inconsistent in Big Sur. I found a discussion that basically said to run a script which opens the Software Update preference pane and to make sure you have a configuration profile that allows standard users to install updates. Would you like either of those things posted?
@sharriston the OP might be interested but I need to do updates at the loginwindow with no user logged in. Thanks @Cayde-6 , I've seen online that doing the full install every time will provide updates, but I was hoping to avoid the ~30 minutes that takes to run and having the full installer on every machine.
I've hijacked this ticket enough, so anybody interested in updating Big Sur at the loginwindow, with no interactive user logged in, I have another discussion going here.
Using a script to call softwareupdate should suffice.
I have a daily script that lists and downloads available updates. A smart group is scoped to prompt the user to “install” these pending updates with a timeout of 9 hours. This allows the user to work through a business day without impact and / or execute at their convenience (ie. at lunchtime).
I would also like to know the answer here...
currently i am trying to get this working:
but it is a bit complicated. If there was a simple setting. Like for instance on windows GPO, you can set "allow limited users to install updates" and boom done. Does jamf have a similar setting? I dont care about forcing it at this time, i just want to allow the user to install without admin privs.
The short answer is, as far as I know, there is no easy way to allow standard users to do OS upgrades. One thing I got working is putting the Big Sur installer on the machine. Then I run the installer via a script as a policy in JAMF, with the adminuser password stored as Parameter 4 in the policy. (This requires a admin user account that is allowed to do OS updates on the machine.)
echo $4 | /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --user adminuser --stdinpass
This isn't the most secure, but it's the only option I've found to automate the process. I don't use Self Service, so you may want to caution users that this will start the update immediately, so save your work, yada, yada, yada.