Jamf Nation Community

TomDay · ‎01-26-2018

5 years ago, we were updating all of our school's equipment to the latest OS by our Team hitting all machines in person and the last few years we've leveraged Self Service for our users to install OS updates themselves. After spending a lot of time the last few weeks trying to update all the associated polices and scripts, try new methods posted here on Jamf nation, I finally just decided to try updating a test machine to High Sierra via the App store. I'm thinking about just having our users update via the user initiated App Store method. Only obstacle would be getting getting the setup assistant to not run.

What reason would I have to not use this method?
If I go with this how can I skip the setup assistant on next reboot etc if the user updates via the app store? (previous just packaged up to run in the Self Service policy)

Thx in advance for your thoughts.

TomDay · ‎02-06-2018

Good "seeing" you on here @jalcorn ! I wound tweaking my SS policy and script from the 10.12 upgrades and got 10.13 to work well so I'm running that out now. WiIll tuck this script away for future use, TY.

View solution in original post

alv2015591 · ‎01-28-2018

Which methods have you tried? I use three methods for upgrade.
1. JSS Policy the downloads the High Sierra App then runs the upgrade with no interaction. ( Based on a smart group of anyone with an OS Lower then 10.13.2). (Timed to only run between 10pm -6AM)
2. JSS Policy that again downloads the installer to the system and runs the upgrade with no interaction ( for urgent upgrades without a time restriction)
3. JSS Policy that does the same thing from self service. That only shows to people in the smart group of the first policy listed.

I have used both the Josh Roskos script with the user prompts (user must click ok for the process to start) and one with no prompts at all. If you would like the information I can post the scripts & links here.

TomDay · ‎01-29-2018

@alv2015591 Our method from last year for 10.12.x would entail a self service policy scoped to machines that were < 10.12, download the 10.12 app to the usersShared folder and proceed with the install after checking for enough free HDD space and connected to a power source.

I'd appreciate the opportunity to look through what you have for 10.13, thanks for the offer.

jalcorn · ‎02-02-2018

MInor OS updates the below script works like a champ when paired with smart groups.

#!/bin/sh

##########################################
# Apple Software Update Script               
# Josh Harvey | June 2017                
# josh[at]macjeezy.com                   
# GitHub - github.com/therealmacjeezy    
# JAMFnation - therealmacjeezy           
##########################################

############################### Notes ##################################
# This script will allow you to install individual software updates
# from Apple. By using the Parameter 4 option, you can select which 
# item you would like the script to find any available updates and 
# install them if they are available. 
#
# Inside the formatInput array, you will find the keywords that can 
# be used for each item. This will take the input you enter in 
# Parameter 4 and convert it to the format that matches the output of
# the softwareupdate command line tool.
#
########### ISSUES / USAGE #############################################
# If you have any issues or questions please feel free to contact       
# using the information in the header of this script.  
#
# If you want to add any additional items to the script, you will need
# to first create an array with the keywords you think may be used, 
# then create an additonal elif statement that will be used to match
# the input from Parameter 4 to the correct format.
#
# If there aren't any available updates for that item, the script will
# quietly exit and no error message will be displayed to the user.                  
#                                                                       
# Also, Please give me credit and let me know if you are going to use  
# this script. I would love to know how it works out and if you find    
# it helpful.                                                           
########################################################################

############################## Parameters ##############################
#################### Parameter 4 - Update Selection ####################
##################### Enter the item name to update ####################
#### Item Options
# iTunes - iTunes Update
# macOS - macOS Software Update (Restart Required)
# RDP - Remote Desktop Client Update
# Security - Security Update (Restart Required)
# App Store - Mac App Store Update (Restart Required)
# Safari - Safari Update
########################################################################

formatInput() {
    # Arrays that contain multiple variations of each item to ensure it gets formatted correctly
    RemoteDesktop=("rdp" "RDP" "remote desktop" "remote" "Remote" "Remote Desktop")
    iTunes=("itunes" "Itunes" "iTunes")
    macOS=("macos" "MacOS" "MACOS" "osx" "OSX")
    appStore=("app" "appstore" "App Store" "App store" "Appstore")
    security=("Security" "security" "security update" "Security Update")
    safari=("safari" "Safari")

    # Formats the item name
    if [[ "${iTunes[@]}" =~ "$itemUpdate" ]];
        then
            itemUpdate="iTunes"
    elif [[ "${macOS[@]}" =~ "$itemUpdate" ]];
        then
            itemUpdate="macOS"
    elif [[ "${RemoteDesktop[@]}" =~ "$itemUpdate" ]];
        then
            itemUpdate="RemoteDesktop"
    elif [[ "${appStore[@]}" =~ "$itemUpdate" ]];
        then
            itemUpdate="App Store"
    elif [[ "${security[@]}" =~ "$itemUpdate" ]];
        then
            itemUpdate="Security"
    elif [[ "${safari[@]}" =~ "$itemUpdate" ]];
        then
            itemUpdate="Safari"
    fi
}

getUpdates=`softwareupdate -l | grep -w "*" | sed 's/^[[:space:]]*//'`

# Gets the input from parameter 4 and assigns it to the variable being used to check for the update and install it
if [[ -z "$4" ]];
    then
        echo "Missing Required Item (eg: iTunes, macOS, etc..). Exiting."
        exit 0
else
        itemUpdate="$4"
        formatInput
        echo "$getUpdates" | sed 's/[*]//g' | sed 's/^[[:space:]]*//' > /tmp/SoftwareUpdates
        echo "Starting $itemUpdate Update"
fi


# Variable that searches for the software update
updateName=`cat /tmp/SoftwareUpdates | grep "$itemUpdate"`

# If statement to handle no updates being available and install the update if found
if [[ -z "$updateName" ]];
    then
        echo "No Update Found"
        exit 0
else
        echo "$updateName"
        echo "softwareupdate --install $updateName"
        sudo softwareupdate --install "$updateName"
fi

TomDay · ‎02-06-2018

Good "seeing" you on here @jalcorn ! I wound tweaking my SS policy and script from the 10.12 upgrades and got 10.13 to work well so I'm running that out now. WiIll tuck this script away for future use, TY.

alv2015591 · ‎09-25-2018

Do you have File Share Distribution Points on your network ? If so why wouldn't you use composer to create a 10.13.6 install package then user a post install script to update your clients to the latest OS you desire??

Command 10.13

/Applications/Install macOS High Sierra.app/Contents/Resources/startosinstall --applicationpath /Applications/Install macOS High Sierra.app --rebootdelay 30 --nointeraction

Command 10.14

/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --rebootdelay 30 --nointeraction

I usually add the following parameters to the script but you can accomplish these same checks with smart groups

Check if device is on battery or ac power

pwrAdapter=$( /usr/bin/pmset -g ps )
if [[ ${pwrAdapter} == "AC Power" ]]; then pwrStatus="OK" /bin/echo "Power Check: OK - AC Power Detected"
else pwrStatus="ERROR" /bin/echo "Power Check: ERROR - No AC Power Detected"
fi

Check if free space > 15GB

osMinor=$( /usr/bin/sw_vers -productVersion | awk -F. {'print $2'} )
if [[ $osMinor -ge 12 ]]; then freeSpace=$( /usr/sbin/diskutil info / | grep "Available Space" | awk '{print $6}' | cut -c 2- )
else freeSpace=$( /usr/sbin/diskutil info / | grep "Free Space" | awk '{print $6}' | cut -c 2- )
fi

if [[ ${freeSpace%.} -ge 15000000000 ]]; then spaceStatus="OK" /bin/echo "Disk Check: OK - ${freeSpace%.} Bytes Free Space Detected"
else spaceStatus="ERROR" /bin/echo "Disk Check: ERROR - ${freeSpace%.*} Bytes Free Space Detected"
fi

Good Luck I just don't like using internet bandwidth if I dont have too...

Jamf Nation Community

Deploying OS Updates via Self Service vs User Initiated App Store Download/Install

Check if device is on battery or ac power

Check if free space > 15GB