How to deploy/manage macOS Big Sur Updates

Levi_
Contributor II

Hey Everyone,

Pardon my ignorance, I'm trying to figure out how to install OS updates efficiently. Currently, I'm running the Software Updates Policy, which installs the security updates just fine but does not install the OS updates, i.e. Big Sur 11.5 on a machine running 11.4. I did come across another method to do this, which is to run a second policy with the Files and Processes payload to run the software update tool, softwareupdate -i -a, but I am trying to avoid situations where no warning or notification is given and a user restarts their machine and they have to wait 30 minutes for the upgrade to complete.

Is there a way to obtain a dmg or pkg of these minor OS updates which I can send out, or is there a better way of doing this? I've tried searching the forums for any more clues but haven't had any luck there, or I'm searching for the wrong thing. Any help would be appreciated, I'm still learning.

Thank You

1 ACCEPTED SOLUTION

MacJunior
Contributor III

I started using Nudge in the last couple of months and I'm really happy with it, take a look at it

https://github.com/macadmins/nudge

 


33 REPLIES 33

Neely52
New Contributor

Thanks for the information keep sharing such informative post keep suggesting such post.

 

LBrands Aces

Levi_
Contributor II

@alex_guarino Thank you for that article that was very helpful. From the looks of it I don't really have the option of obtaining the minor OS update dmg's and I guess that's just the way it is. Nudge looks nice too, I will give it a shot. 

@MacJunior 

Thank you for the second vote on Nudge. Has the feedback been positive from your users? Reading over the info it looks like it's set to check by default every 30 minutes, so it definitely "nudges" you into compliance it seems. 

MacJunior
Contributor III

@Levi_ I got good feedback from some of my users, they were happy with it cuz it wasn't nagging that much.

you can create your own launch agent, for us 30 min "default one" is too much so I built my own agent to nudge my users every 4 hours so you can customize it the way that would fit your deployment and your org.

Join #Nudge channel on MacAdmins Slack ... lots of useful comments.

you can start from here https://www.youtube.com/watch?v=jyrtBXYxY7c

 

 

Thank you @MacJunior . I'm going to give this a shot, normally I do not like to have the end-user choose when to install updates and rather install them automatically for them and notify them a restart is required but for macs, things are very different. I wish Apple would provide an easier way to manage minor and major OS updates in the future for administrators. 

sgiesbrecht
Contributor III

We use Files and Processes and use Self Service as most people are remote


softwareupdate --agree-to-license --force --restart --install 'macOS Big Sur 11.5.1-20G80'

Do you allow users to defer?  

P.

if you are asking me, no we don't allow users to defer. A requirement from our client
We do in-house beta testing first before deploying globally

 

Thank you @sgiesbrecht , yes that was for you.

I considered using this approach but I don't want to reinstall macOS for a minor OS update 11.4>11.5.1 etc. I am starting to test Nudge out and so far it works. For major OS upgrades, I will deploy the OS Upgrades through Self Service.

I did come across this article and it is Apple to blame for no longer making the minor OS updates available as pkg's any longer - https://eclecticlight.co/2020/12/17/apple-has-stopped-providing-standalone-installers-for-macos-upda...

This did not work for me.

Error message says no such update.

MacJunior
Contributor III

The next release of Nudge will support major OS upgrade

https://github.com/macadmins/nudge/pull/196

 

JustDeWon
Contributor III

What I ended up doing is a config profile, then a script that prompts the user to Update Now or Delay. If they choose to "Update Now", it opens the Sys Preferences>Software Update pane and allows them to hit the Update button. If they choose to Delay, 5 minutes before the delay time limit is reached, a 5 minute countdown dialog box runs and opens the Sys Preferences>Software Update pane so they can update.

Simple, yet resolves the headache

This would be easy for our org but none of our users have Admin permissions to their computers.

@aaronedmonton , this shouldn't require admin rights to accomplish

harsha
New Contributor III

Hi justdewon,

May I know how to force update in jamf pro?

sgiesbrecht
Contributor III

I created a Policy using Self Service

I use Files and Processes (softwareupdate --agree-to-license --force --restart --install 'macOS Big Sur 11.5.2-20G95') and Restart option.

You can get the software name from softwareupdate --list

I haven't had an issue.

Process downloads and installs

This is not working for my test device. It fails with the "No update found" even though the Big Sur update is primed and ready to download in "About Mac>Software Update"

 

Tried both 11.5.2 and 11.5.1 versions.

sgiesbrecht
Contributor III

macOS Big Sur 11.5.2-20G95 is Big Sur 11.5.2 so it will not find it

as for 11.5.1, are you pointing to your update server or apples?
and you ran softwareupdate --list?

 

I tried both versions of the Big Sur update. I know they have slightly different names.

Apple update server

softwareupdate --list shows no updates available even though Big Sur is listed in System preferences as an option

@aaronedmonton 
What macOS version are you using to try to get the list?

I'm not quite sure what you mean.

I tried using both versions you mentioned in your earlier replies. When I run the "softwareupdate --list" command on the device, it says no update available.

Did you find any solution for that? softwareupdate -l doesn't show the Big Sur update.
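The exchange above turns on whether the label passed to softwareupdate --install matches what softwareupdate --list reports on that Mac. As an added example (not code from any poster in this thread), the script below reads the label from the list output instead of hard-coding it, and stops with a clear message when no macOS update is offered; the sample output, function names and DRY_RUN variable are constructed for illustration.

```shell
#!/bin/bash
# Added example: resolve the update label at run time rather than
# hard-coding 'macOS Big Sur 11.5.x-20Gxx' in the policy.

# Constructed sample of Big Sur-style `softwareupdate --list` output
# (the Safari entry and the sizes are made up for the example).
SAMPLE_LIST='Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Label: Safari14.1.2BigSurAuto-14.1.2
	Title: Safari, Version: 14.1.2, Size: 69356K, Recommended: YES,
* Label: macOS Big Sur 11.5.2-20G95
	Title: macOS Big Sur 11.5.2, Version: 11.5.2, Size: 3281318K, Recommended: YES, Action: restart,'

# Read list output on stdin; print the label of each update whose
# Title line names macOS (skips Safari and other non-OS updates).
macos_update_labels() {
  awk '
    /^\* Label: / { sub(/^\* Label: /, ""); sub(/[ \t]+$/, ""); label = $0; next }
    /Title: macOS/ && label != "" { print label; label = "" }
  '
}

# Install the first macOS update offered, using its exact label.
# $1 (optional): file holding saved list output; default is a live query.
# DRY_RUN defaults to 1 so nothing is installed unless DRY_RUN=0 is set.
install_macos_update() {
  if [ -n "$1" ]; then list=$(cat "$1"); else list=$(softwareupdate --list 2>&1); fi
  label=$(printf '%s\n' "$list" | macos_update_labels | head -n 1)
  if [ -z "$label" ]; then
    # Matches the "no update found" case reported in the thread.
    echo "softwareupdate --list offers no macOS update; nothing to install" >&2
    return 1
  fi
  echo "Installing: $label"
  [ "${DRY_RUN:-1}" = "1" ] && return 0
  softwareupdate --agree-to-license --force --restart --install "$label"
}
```

A non-zero return from install_macos_update lets the policy log record "nothing offered" separately from an install that was attempted and failed.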

 

Only thing that works for me is this:

 

https://mrmacintosh.com/macos-big-sur-full-installer-database-download-directly-from-apple/

You download the InstallerAssistant.pkg file. Upload it to Jamf. Deploy it to any machine with a policy. This package basically reaches out to Apple servers and downloads the Big Sur installer app directly.  It will take 30min + for the scoped device to download the Big Sur installer app. Once that is completed and the Big Sur app is in the Applications folder, I scope another policy to that same device with just a script:

 

'/Applications/Install macOS Big Sur.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps --nointeraction

*mind the single quotes and keep them^

I deployed this second script as a Self Service button so users can execute install when they are ready. This second policy may say it failed but it actually works every time. About 5-7 mins after clicking this button to execute this policy, the computer will start the Big Sur install automatically. No Admin credentials or interaction required.

Hey @aaronedmonton 

 

Does the Install Assistant.pkg download the entire 12GB? which is basically reinstalling the OS.  It may work ok, but we (Admins) should not have to install a new OS every time a macOS update is released.

Apple just released 11.6 today, so now we do this all again.

aaronedmonton
New Contributor III

It does install the 12GB file to the device but my script just does an in-place installation/upgrade. Not a wipe and then upgrade.

MacJunior
Contributor III

I agree with @pueo it's a hassle to download 12GB each time Apple releases an update .. that's why I love Nudge, it nudges users to install the latest updates using Apple-approved way. tbh I didn't find a better solution than it.

fmcdealer
New Contributor

Thanks for the information keep sharing such informative posts keep suggesting such posts.

fmcdealer

myestub
New Contributor

Thank you so much for this Article this is very useful.

myestub

sgiesbrecht
Contributor III

just a heads up on Nudge (well for me at least)

We lock down our workstation and it still prompts for admin access to perform the upgrade. 

In this case I grant a 5 min temp local admin access to start the upgrade process.

roach
New Contributor III

Is it possible to use "launchctl" to install Big Sur when the computer is turned on but not logged in?

pueo
Contributor II

Like @MacJunior has said "take a look at Nudge".  After NOT listening to Apple tell us to use Nudge (many times), I am finally testing Nudge with the intention to deploy it in the new year.  When Apple keeps telling us 'Nudge Nudge Nudge'..it kinda says something...so we are listening now.

Scheduling forced reboots to upgrade after XX days didn't work for us (CTO had Mac reboot in the middle of a meeting).  Nudge will not force anyone to reboot but with the right configuration you can certainly make it VERY annoying for the user to ignore the update. 
I've tried Mass action with Monterey and I didn't see anything on the user end..nothing updated, I've used commands in a policy, scripts..none of it is really effective for our environment.  Nudge is the way to go for us.