Jamf Nation Community

Levi_ · ‎07-23-2021

Hey Everyone,

Pardon my ignorance, I'm trying to figure out how to install OS updates efficiently. Currently, I'm running the Software Updates Policy which installs the security updates just fine, but does not install the OS updates IE) Big Sur 11.5 on a machine running 11.4. I did come across another method to do this which is to run a second policy with the file and processes payload to run the software update tool, Softwareupdate -i -a, but I am trying to avoid situations where no warning or notification is given and a user restarts there machine and they have to wait 30 minutes for the upgrade to complete.

Is there a way to obtain a dmg or pkg of these minor OS updates which I can send out or is there a better way of doing this? I've tried searching the forums for any more clues but haven't had any luck there or I'm searching for the wrong thing. Any help would be appreciated, i'm still learning.

Thank You

MacJunior · ‎07-26-2021

I started using Nudge last couple of months and i'm really happy with it, take a look at it

https://github.com/macadmins/nudge

View solution in original post

alex_guarino · ‎07-23-2021

https://travellingtechguy.blog/demystifying-macos-big-sur-updates-and-jamf-pro-10-29/

MacJunior · ‎07-26-2021

I started using Nudge last couple of months and i'm really happy with it, take a look at it

https://github.com/macadmins/nudge

Neely52 · ‎07-26-2021

Thanks for the information keep sharing such informative post keep suggesting such post.

LBrands Aces

Levi_ · ‎07-26-2021

@alex_guarino Thank you for that article that was very helpful. From the looks of it I don't really have the option of obtaining the minor OS update dmg's and I guess that's just the way it is. Nudge looks nice too, I will give it a shot.

@MacJunior

Thank you for the second vote on Nudge. Has the feedback been positive from your users? Reading over the info it looks like it's set to check by default every 30 minutes, so it definitely "nudges" you into compliance it seems.

MacJunior · ‎07-27-2021

@Levi_ I got good feedback from some of my users, they were happy with it cuz it wasn't nagging that much.

you can create your own launch agent, for us 30 min "default one" is too much so I built my own agent to nudge my users every 4 hours so you can customize it the way that would fit your deployment and your org.

Join #Nudge channel on MacAdmins Slack ... lots of useful comments.

you can start from here https://www.youtube.com/watch?v=jyrtBXYxY7c

Levi_ · ‎07-29-2021

Thank you @MacJunior . I'm going to give this a shot, normally I do not like to have the end-user choose when to install updates and rather install them automatically for them and notify them a restart is required but for macs, things are very different. I wish Apple would provide an easier way to manage minor and major OS updates in the future for administrators.

sgiesbrecht · ‎07-30-2021

We use Files and Processes and use Self Service as most people are remote

Softwareupdate --agree-to-license --force --restart --install 'macOS Big Sur 11.5.1-20G80'

pueo · ‎08-06-2021

Do you allow users to defer?

P.

sgiesbrecht · ‎08-09-2021

if you are asking me, no we don't allow users to defer. A requirement from our client
We do in-house beta testing first before deploying globally

pueo · ‎08-18-2021

Thank you @sgiesbrecht , yes that was for you.

Levi_ · ‎08-06-2021

I considered using this approach but I don't want to reinstall macOS for a minor OS update 11.4>11.5.1 etc. I am starting to test Nudge out and so far it works. For major OS upgrades, I will deploy the OS Upgrades through Self Service.

I did come across this article and it is Apple to blame for no longer making the minor OS updates available as pkg's anylonger - https://eclecticlight.co/2020/12/17/apple-has-stopped-providing-standalone-installers-for-macos-upda...

aaronedmonton · ‎08-17-2021

This did not work for me.

Error message says no such update.

MacJunior · ‎08-10-2021

The next release of Nudge will support major OS upgrade

https://github.com/macadmins/nudge/pull/196

JustDeWon · ‎08-16-2021

What I ended up doing is a config profile, then a script that prompts the user to Update Now or Delay.. If they choose to "Update Now", it opens the Sys Preferences>Software Update pane and allows them to hit the Update button.. If they choose to Delay, 5 minutes prior to the delay time limit has reached, a 5 minute countdown dialog box runs and opens Sys Preferences>Software Update pane so they can update..

Simple, yet resolves the headache

aaronedmonton · ‎08-17-2021

This would be easy for our org but none of our users have Admin permissions to their computers.

JustDeWon · ‎08-18-2021

@aaronedmonton , this shouldn't require admin rights to accomplish

harsha · ‎10-18-2021

Hi justdewon,

May I know how to force update in jamf pro?

sgiesbrecht · ‎08-18-2021

I created a Policy using Self Service

I use Files and Processes (Softwareupdate --agree-to-license --force --restart --install 'macOS Big Sur 11.5.2-20G95') and Restart option.

You can get the software name from Software --list

I haven't had an issue.

Process downloads and installs

aaronedmonton · ‎08-18-2021

This is not working for my test device. It fails with the "No update found" even though the Big Sur update is primed and ready to download in "About Mac>Software Update"

Tried both 11.5.2 and 11.5.1 versions.

sgiesbrecht · ‎08-18-2021

macOS Big Sur 11.5.2-20G95 is Big Sur 11.5.2 so it will no find it

as for 11.5.1, are you pointing to your update server or apples?
and you ran softwareupdate --list?

aaronedmonton · ‎08-25-2021

I tried both versions of the Big Sur update. I know they have slightly different names.

Apple update server

softwareupdate --list shows no updates available even though Big Sur is listed in System preferences as an option

sgiesbrecht · ‎08-25-2021

@aaronedmonton
what macOS version are you using to trying on to the the list?

aaronedmonton · ‎08-25-2021

I'm not quite sure what you mean.

I tried using both versions you mentioned in your earlier replies. When I run the "softwareupdate --list" command on the device, it says no update available.

RohitDas · ‎09-13-2021

did you find any solution for that, Softwareupdate -l doesnt show the bigsur update

aaronedmonton · ‎09-13-2021

Only thing that works for me is this:

https://mrmacintosh.com/macos-big-sur-full-installer-database-download-directly-from-apple/

You download the InstallerAssistant.pkg file. Upload it to Jamf. Deploy it to any machine with a policy. This package basically reaches out to Apple servers and downloads the Big Sur installer app directly. It will take 30min + for the scoped device to download the Big Sur installer app. Once that is completed and the Big Sur app is in the Applications folder, I scope another policy to that same device with just a script:

'/Applications/Install macOS Big Sur.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps --nointeraction

*mind the single quotes and keep them^

I deployed this second script as a Self Service button so users can execute install when they are ready. This second policy may say it failed but it actually works every time. About 5-7 mins after clicking this button to execute this policy, the computer will start the Big Sur install automatically. No Admin credentials or interaction required.

pueo · ‎09-13-2021

Hey @aaronedmonton

Does the Install Assistant.pkg download the entire 12GB? which is basically reinstalling the OS. It may work ok, but we (Admins) should not have to install a new OS every time a macOS update is released.

Apple just released 11.6 today, so now we do this all again.

aaronedmonton · ‎09-13-2021

It does install the 12GB file to the device but my script just does an in-place installation/upgrade. Not a wipe and then upgrade.

MacJunior · ‎09-27-2021

I agree with @pueo it's a hassle to download 12GB each time Apple releases an update .. that's why I love Nudge, it nudges users to install the latest updates using Apple-approved way. tbh I didn't find a better solution than it.

fmcdealer · ‎10-27-2021

Thanks for the information keep sharing such informative posts keep suggesting such posts.

fmcdealer

myestub · ‎10-27-2021

Thank you so much for this Article this is very useful.

myestub

sgiesbrecht · ‎11-01-2021

just a heads up on Nudge (well for me at least)

We lock down our workstation and it still prompts for admin access to perform the upgrade.

In this case I grant a 5 min temp local admin access to start the upgrade process.

cucaracha · ‎12-22-2021

Is it possible to use "launchctl" to install Big Sur when the computer is turned on but not logged in?

pueo · ‎12-23-2021

Like @MacJunior has said "take a look at Nudge". After NOT listening to Apple tell us to use Nudge (many times), I am finally testing Nudge with the intention to deploy it in the new year. When Apple keeps telling us 'Nudge Nudge Nudge'..it kinda says something...so we are listening now.

Scheduling forced reboots to upgrade after XX days didn't work for us (CTO had Mac reboot in the middle of a meeting). Nudge will not force anyone to reboot but with the right configuration you can certainly make it VERY annoying for the user to ignore the update.
I've tried Mass action with Monterey and I didn't see anything on the user end..nothing updated, I've used commands in a policy, scripts..none of it is really affective for our environment. Nudge is the way to go for us.

Jamf Nation Community

How to deploy/manage macOS Big Sur Updates