Jamfhelper automatic OS update

CYL
New Contributor II

I'm very new to scripting in general. I'm helping to develop a policy to search and install new os update to individual's system. The scripts works fine in terminal, but when I run it as a policy. It will failed because of authentication. Is there anyway to fix this?  Either prompt a window to put in their credentials. I only want it to run whenever the user or an IT admin press the policy in self service to activate it. Here is my original script. Thanks

 

#!/bin/zsh

Choice=$(/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper  -windowType utility -title "Updates" -heading "Mac OS X Updates" -description "Your Mac needs to check for and install the latest updates. Please select Update Now to update OS X (This will restart the computer). If you select Update Later you can update from the Self Service(If not done soon your mac will auto update)." -button1 "Update Now" -button2 "Update Later" -defaultButton 1 -cancelButton 2)

if [[ "$Choice" == "0" ]]; then
   sudo softwareUpdate -iaR
fi

exit 0
#Written by CYL

 

 

11 REPLIES 11

SmilieK
New Contributor III

Are you trying to run that on a M1 machine? if so it won't work. You can't issue the "Restart command" anymore on them. It has to do with the bootstrap token and lot of other factors.

That script as is should work 10.15 and below. you should not need the "sudo" in the jamf script. All actions are ran as admin unless you tell it otherwise. 

In Jamf 10.32 they say they "fixed"(have not tested myself) it so you can issue API commands to do "restart" updates on M1's

bwoods
Valued Contributor

@CYL  I would suggest creating a user interaction policy with a Files and Processes payload. However, If you absolutely need a custom script then then you can use this

efil4xiN
Contributor II

Take  a look at Graham Pugh's erase-install. ( forget the name).  erase-install used wiht the right options can do os upgrades, os updates, and erase-install for return to stock. Datamind has a pre-packaged fork Datamind erase install .

I got tired of the  getting the DMG,cache the DMG etc, so this works for us

CYL
New Contributor II

Hey Guys thank you all for your reply. We have develop a new way to do it. It can successfully download the new OS, but it won't install. it require not only a normal reboot. We are using the "Software Update's" interaction policy in Jamf. Following is the screenshot for the policy 28's selections.

 Screen Shot 2021-09-14 at 1.39.57 PM.pngScreen Shot 2021-09-14 at 1.40.50 PM.png so I'm wondering what will be the suitable command letting the system to install the OS just downloaded. Big thanks

 

 

 

#!/bin/zsh

Choice=$(/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper  -windowType utility -title "Updates" -heading "Mac OS X Updates" -description "Your Mac needs to check for and install the latest updates. Please select Update Now to update OS X (This will restart the computer). If you select Update Later you can update from the Self Service(If not done soon your mac will auto update)." -button1 "Update Now" -button2 "Update Later" -defaultButton 1 -cancelButton 2)

if [[ "$Choice" == "0" ]]; then
  jamf policy -id 28 
fi

exit 0
#Written by CYL
#Updated by TJC

 

 

 

 

bwoods
Valued Contributor

@CYL  go to the Files and Processes payload and run "softwareupdate -aiR". It's more reliable than the software update payload.

bwoods
Valued Contributor

@CYLif this is an M1 device you will need a bootstrap token uploaded to the Jamf Pro server. Otherwise, forcing updates on an M1 devices is not possible.

CYL
New Contributor II

@bwoods Thank you for the advice. I might done it wrong, but it shows that failed due to "authentication failed". this circle back to the start. I put my script as a DMG and run it as a package, and I'm not sure which box should I check in the Maintenance section.

bwoods
Valued Contributor

@CYL made a mistake. You need to use the Files and Processes payload. Look for the section called "Execute Command". add "software update -aiR" to that section. 

Files and Processes.png

CYL
New Contributor II

@bwoods for this method I won't need any other scripts or sectioned configured I suppose?

bwoods
Valued Contributor

Correct, no packaging required. This payload will just run the softwareupdate command.

ooshnoo
Valued Contributor

@CYL Did you get this working?  If so, can you share your final policy details?