Posted on 11-04-2021 11:02 AM
Hey folks.. just as title suggests, I was wondering if it's possible to trigger the install/schedule OS update MDM via the Jamf API.
That way we can use a policy and start it a specific time in an effort to have all our Big Sur macs install updates and be compliant. Otherwise I'm at the mercy of the "Nudge" app, which I really don't like.
I thought it may be possible as in the past I've used the API to send MDM unenroll commands when migrating computers from one JamfPro server to another.
Posted on 11-04-2021 03:56 PM
It can be done. Keep in mind the risk with running API scripts on client computers that contain credentials. You might be better off building a process/script that runs from some kind of script server on a schedule.
Posted on 11-05-2021 05:53 AM
@cbrewer Thank you. Do you know the command line / script that will accomplish it? We're not concerned about credentials.
Posted on 11-05-2021 08:18 AM
Classic API (JSSResource) > computercommands/command/ScheduleOSUpdate
You're probably going to have to build something. There are many examples out there of scripting the Jamf classic API.
11-07-2021 05:14 PM - edited 11-07-2021 05:47 PM
Ok, so I tried the following and it doesn't alleviate the need for user authentication with Big Sur and Monterey. Ugh... I was actually hoping this would be a way around it since sending the ScheduleOSUpdate command does work for us. Why Apple does crap like this, I have no idea...
uname="$4"
pwd="$5"
if [ "$6" != "" ];then
server="$6"
else
## get current Jamf server
server=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url)
fi
## ensure the server URL ends with a /
strLen=$((${#server}-1))
lastChar="${server:$strLen:1}"
if [ ! "$lastChar" = "/" ];then
server="${server}/"
fi
## send unmanage command to machine
curl -X POST -sku ${uname}:${pwd} ${server}JSSResource/computercommands/command/ScheduleOSUpdate
Posted on 11-05-2021 06:22 PM
I am trying to get a variation on this going - https://github.com/kdrwygvh/Sunstein_macOSUpdates
note: I'm pretty sure Jamf 10.33 breaks this process. I have a ticket open now to investigate. The result is that once the Mac gets to 11.6.1, it will keep reinstalling that same version and not install any other updates, like Safari.