Pardon my ignorance, I'm trying to figure out how to install OS updates efficiently. Currently, I'm running the Software Updates Policy which installs the security updates just fine, but does not install the OS updates IE) Big Sur 11.5 on a machine running 11.4. I did come across another method to do this which is to run a second policy with the file and processes payload to run the software update tool, Softwareupdate -i -a, but I am trying to avoid situations where no warning or notification is given and a user restarts there machine and they have to wait 30 minutes for the upgrade to complete.
Is there a way to obtain a dmg or pkg of these minor OS updates which I can send out or is there a better way of doing this? I've tried searching the forums for any more clues but haven't had any luck there or I'm searching for the wrong thing. Any help would be appreciated, i'm still learning.
Solved! Go to Solution.
@alex_guarino Thank you for that article that was very helpful. From the looks of it I don't really have the option of obtaining the minor OS update dmg's and I guess that's just the way it is. Nudge looks nice too, I will give it a shot.
Thank you for the second vote on Nudge. Has the feedback been positive from your users? Reading over the info it looks like it's set to check by default every 30 minutes, so it definitely "nudges" you into compliance it seems.
@Levi_ I got good feedback from some of my users, they were happy with it cuz it wasn't nagging that much.
you can create your own launch agent, for us 30 min "default one" is too much so I built my own agent to nudge my users every 4 hours so you can customize it the way that would fit your deployment and your org.
Join #Nudge channel on MacAdmins Slack ... lots of useful comments.
you can start from here https://www.youtube.com/watch?v=jyrtBXYxY7c
Thank you @MacJunior . I'm going to give this a shot, normally I do not like to have the end-user choose when to install updates and rather install them automatically for them and notify them a restart is required but for macs, things are very different. I wish Apple would provide an easier way to manage minor and major OS updates in the future for administrators.
I considered using this approach but I don't want to reinstall macOS for a minor OS update 11.4>11.5.1 etc. I am starting to test Nudge out and so far it works. For major OS upgrades, I will deploy the OS Upgrades through Self Service.
I did come across this article and it is Apple to blame for no longer making the minor OS updates available as pkg's anylonger - https://eclecticlight.co/2020/12/17/apple-has-stopped-providing-standalone-installers-for-macos-upda...
What I ended up doing is a config profile, then a script that prompts the user to Update Now or Delay.. If they choose to "Update Now", it opens the Sys Preferences>Software Update pane and allows them to hit the Update button.. If they choose to Delay, 5 minutes prior to the delay time limit has reached, a 5 minute countdown dialog box runs and opens Sys Preferences>Software Update pane so they can update..
Simple, yet resolves the headache
I created a Policy using Self Service
I use Files and Processes (Softwareupdate --agree-to-license --force --restart --install 'macOS Big Sur 11.5.2-20G95') and Restart option.
You can get the software name from Software --list
I haven't had an issue.
Process downloads and installs
This is not working for my test device. It fails with the "No update found" even though the Big Sur update is primed and ready to download in "About Mac>Software Update"
Tried both 11.5.2 and 11.5.1 versions.
I tried both versions of the Big Sur update. I know they have slightly different names.
Apple update server
softwareupdate --list shows no updates available even though Big Sur is listed in System preferences as an option
Only thing that works for me is this:
You download the InstallerAssistant.pkg file. Upload it to Jamf. Deploy it to any machine with a policy. This package basically reaches out to Apple servers and downloads the Big Sur installer app directly. It will take 30min + for the scoped device to download the Big Sur installer app. Once that is completed and the Big Sur app is in the Applications folder, I scope another policy to that same device with just a script:
'/Applications/Install macOS Big Sur.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps --nointeraction
*mind the single quotes and keep them^
I deployed this second script as a Self Service button so users can execute install when they are ready. This second policy may say it failed but it actually works every time. About 5-7 mins after clicking this button to execute this policy, the computer will start the Big Sur install automatically. No Admin credentials or interaction required.
just a heads up on Nudge (well for me at least)
We lock down our workstation and it still prompts for admin access to perform the upgrade.
In this case I grant a 5 min temp local admin access to start the upgrade process.
Like @MacJunior has said "take a look at Nudge". After NOT listening to Apple tell us to use Nudge (many times), I am finally testing Nudge with the intention to deploy it in the new year. When Apple keeps telling us 'Nudge Nudge Nudge'..it kinda says something...so we are listening now.
Scheduling forced reboots to upgrade after XX days didn't work for us (CTO had Mac reboot in the middle of a meeting). Nudge will not force anyone to reboot but with the right configuration you can certainly make it VERY annoying for the user to ignore the update.
I've tried Mass action with Monterey and I didn't see anything on the user end..nothing updated, I've used commands in a policy, scripts..none of it is really affective for our environment. Nudge is the way to go for us.