How to deploy/manage macOS Big Sur Updates

Levi_
New Contributor III

Hey Everyone,

Pardon my ignorance, I'm trying to figure out how to install OS updates efficiently. Currently, I'm running the Software Updates Policy which installs the security updates just fine, but does not install the OS updates IE) Big Sur 11.5 on a machine running 11.4. I did come across another method to do this which is to run a second policy with the file and processes payload to run the software update tool, Softwareupdate -i -a, but I am trying to avoid situations where no warning or notification is given and a user restarts there machine and they have to wait 30 minutes for the upgrade to complete. 

Is there a way to obtain a dmg or pkg of these minor OS updates which I can send out or is there a better way of doing this? I've tried searching the forums for any more clues but haven't had any luck there or I'm searching for the wrong thing. Any help would be appreciated, i'm still learning. 

Thank You

1 ACCEPTED SOLUTION

MacJunior
New Contributor III

I started using Nudge last couple of months and i'm really happy with it, take a look at it 

https://github.com/macadmins/nudge

 

View solution in original post

26 REPLIES 26

MacJunior
New Contributor III

I started using Nudge last couple of months and i'm really happy with it, take a look at it 

https://github.com/macadmins/nudge

 

View solution in original post

Neely52
New Contributor

Thanks for the information keep sharing such informative post keep suggesting such post.

 

LBrands Aces

Levi_
New Contributor III

@alex_guarino Thank you for that article that was very helpful. From the looks of it I don't really have the option of obtaining the minor OS update dmg's and I guess that's just the way it is. Nudge looks nice too, I will give it a shot. 

@MacJunior 

Thank you for the second vote on Nudge. Has the feedback been positive from your users? Reading over the info it looks like it's set to check by default every 30 minutes, so it definitely "nudges" you into compliance it seems. 

MacJunior
New Contributor III

@Levi_ I got good feedback from some of my users, they were happy with it cuz it wasn't nagging that much.

you can create your own launch agent, for us 30 min "default one" is too much so I built my own agent to nudge my users every 4 hours so you can customize it the way that would fit your deployment and your org.

Join #Nudge channel on MacAdmins Slack ... lots of useful comments.

you can start from here https://www.youtube.com/watch?v=jyrtBXYxY7c

 

 

Levi_
New Contributor III

Thank you @MacJunior . I'm going to give this a shot, normally I do not like to have the end-user choose when to install updates and rather install them automatically for them and notify them a restart is required but for macs, things are very different. I wish Apple would provide an easier way to manage minor and major OS updates in the future for administrators. 

sgiesbrecht
Contributor

We use Files and Processes and use Self Service as most people are remote

Screen Shot 2021-07-30 at 14.59.41.png

Softwareupdate --agree-to-license --force --restart --install 'macOS Big Sur 11.5.1-20G80'

Do you allow users to defer?  

P.

if you are asking me, no we don't allow users to defer. A requirement from our client
We do in-house beta testing first before deploying globally

 

Thank you @sgiesbrecht , yes that was for you.

Levi_
New Contributor III

I considered using this approach but I don't want to reinstall macOS for a minor OS update 11.4>11.5.1 etc. I am starting to test Nudge out and so far it works. For major OS upgrades, I will deploy the OS Upgrades through Self Service.

I did come across this article and it is Apple to blame for no longer making the minor OS updates available as pkg's anylonger - https://eclecticlight.co/2020/12/17/apple-has-stopped-providing-standalone-installers-for-macos-upda...

This did not work for me.

Error message says no such update.

MacJunior
New Contributor III

The next release of Nudge will support major OS upgrade

https://github.com/macadmins/nudge/pull/196

 

JustDeWon
Contributor III

What I ended up doing is a config profile, then a script that prompts the user to Update Now or Delay.. If they choose to "Update Now", it opens the Sys Preferences>Software Update pane and allows them to hit the Update button.. If they choose to Delay, 5 minutes prior to the delay time limit has reached, a 5 minute countdown dialog box runs and opens Sys Preferences>Software Update pane so they can update.. 

Simple, yet resolves the headache

This would be easy for our org but none of our users have Admin permissions to their computers.

@aaronedmonton , this shouldn't require admin rights to accomplish

sgiesbrecht
Contributor

I created a Policy using Self Service

I use Files and Processes (Softwareupdate --agree-to-license --force --restart --install 'macOS Big Sur 11.5.2-20G95') and Restart option.

You can get the software name from Software --list

I haven't had an issue.

Process downloads and installs

This is not working for my test device. It fails with the "No update found" even though the Big Sur update is primed and ready to download in "About Mac>Software Update"

 

Tried both 11.5.2 and 11.5.1 versions.

sgiesbrecht
Contributor

macOS Big Sur 11.5.2-20G95 is Big Sur 11.5.2 so it will no find it

as for 11.5.1, are you pointing to your update server or apples?
and you ran softwareupdate --list?

 

I tried both versions of the Big Sur update. I know they have slightly different names.

Apple update server

softwareupdate --list shows no updates available even though Big Sur is listed in System preferences as an option

@aaronedmonton 
what macOS version are you using to trying on to the the list?

I'm not quite sure what you mean.

I tried using both versions you mentioned in your earlier replies. When I run the "softwareupdate --list" command on the device, it says no update available.

did you find any solution for that, Softwareupdate -l doesnt show the bigsur update

 

Only thing that works for me is this:

 

https://mrmacintosh.com/macos-big-sur-full-installer-database-download-directly-from-apple/

You download the InstallerAssistant.pkg file. Upload it to Jamf. Deploy it to any machine with a policy. This package basically reaches out to Apple servers and downloads the Big Sur installer app directly.  It will take 30min + for the scoped device to download the Big Sur installer app. Once that is completed and the Big Sur app is in the Applications folder, I scope another policy to that same device with just a script:

 

'/Applications/Install macOS Big Sur.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps --nointeraction

*mind the single quotes and keep them^

I deployed this second script as a Self Service button so users can execute install when they are ready. This second policy may say it failed but it actually works every time. About 5-7 mins after clicking this button to execute this policy, the computer will start the Big Sur install automatically. No Admin credentials or interaction required.

Hey @aaronedmonton 

 

Does the Install Assistant.pkg download the entire 12GB? which is basically reinstalling the OS.  It may work ok, but we (Admins) should not have to install a new OS every time a macOS update is released.

Apple just released 11.6 today, so now we do this all again.

It does install the 12GB file to the device but my script just does an in-place installation/upgrade. Not a wipe and then upgrade.