Skip to main content
Question

Jamfhelper automatic OS update

  • September 13, 2021
  • 11 replies
  • 76 views
C
Forum|alt.badge.img+3
  • CYL
  • New Contributor

I'm very new to scripting in general. I'm helping to develop a policy to search and install new os update to individual's system. The scripts works fine in terminal, but when I run it as a policy. It will failed because of authentication. Is there anyway to fix this?  Either prompt a window to put in their credentials. I only want it to run whenever the user or an IT admin press the policy in self service to activate it. Here is my original script. Thanks

 

#!/bin/zsh Choice=$(/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "Updates" -heading "Mac OS X Updates" -description "Your Mac needs to check for and install the latest updates. Please select Update Now to update OS X (This will restart the computer). If you select Update Later you can update from the Self Service(If not done soon your mac will auto update)." -button1 "Update Now" -button2 "Update Later" -defaultButton 1 -cancelButton 2) if [[ "$Choice" == "0" ]]; then sudo softwareUpdate -iaR fi exit 0 #Written by CYL

 

 

    11 replies

    SmilieK
    Forum|alt.badge.img+8
    • SmilieK
    • New Contributor
    • September 13, 2021

    Are you trying to run that on a M1 machine? if so it won't work. You can't issue the "Restart command" anymore on them. It has to do with the bootstrap token and lot of other factors.

    That script as is should work 10.15 and below. you should not need the "sudo" in the jamf script. All actions are ran as admin unless you tell it otherwise. 

    In Jamf 10.32 they say they "fixed"(have not tested myself) it so you can issue API commands to do "restart" updates on M1's

      bwoods
      Forum|alt.badge.img+14
      • bwoods
      • Honored Contributor
      • September 13, 2021

      @CYL  I would suggest creating a user interaction policy with a Files and Processes payload. However, If you absolutely need a custom script then then you can use this

        E
        Forum|alt.badge.img+8
        • efil4xiN
        • Valued Contributor
        • September 14, 2021

        Take  a look at Graham Pugh's erase-install. ( forget the name).  erase-install used wiht the right options can do os upgrades, os updates, and erase-install for return to stock. Datamind has a pre-packaged fork Datamind erase install .

        I got tired of the  getting the DMG,cache the DMG etc, so this works for us

          C
          Forum|alt.badge.img+3
          • CYL
          • Author
          • New Contributor
          • September 14, 2021

          Hey Guys thank you all for your reply. We have develop a new way to do it. It can successfully download the new OS, but it won't install. it require not only a normal reboot. We are using the "Software Update's" interaction policy in Jamf. Following is the screenshot for the policy 28's selections.

            so I'm wondering what will be the suitable command letting the system to install the OS just downloaded. Big thanks

           

           

           

          #!/bin/zsh Choice=$(/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "Updates" -heading "Mac OS X Updates" -description "Your Mac needs to check for and install the latest updates. Please select Update Now to update OS X (This will restart the computer). If you select Update Later you can update from the Self Service(If not done soon your mac will auto update)." -button1 "Update Now" -button2 "Update Later" -defaultButton 1 -cancelButton 2) if [[ "$Choice" == "0" ]]; then jamf policy -id 28 fi exit 0 #Written by CYL #Updated by TJC

           

           

           

           

          bwoods
          Forum|alt.badge.img+14
          • bwoods
          • Honored Contributor
          • September 14, 2021

          Hey Guys thank you all for your reply. We have develop a new way to do it. It can successfully download the new OS, but it won't install. it require not only a normal reboot. We are using the "Software Update's" interaction policy in Jamf. Following is the screenshot for the policy 28's selections.

            so I'm wondering what will be the suitable command letting the system to install the OS just downloaded. Big thanks

           

           

           

          #!/bin/zsh Choice=$(/Library/Application\\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "Updates" -heading "Mac OS X Updates" -description "Your Mac needs to check for and install the latest updates. Please select Update Now to update OS X (This will restart the computer). If you select Update Later you can update from the Self Service(If not done soon your mac will auto update)." -button1 "Update Now" -button2 "Update Later" -defaultButton 1 -cancelButton 2) if [[ "$Choice" == "0" ]]; then jamf policy -id 28 fi exit 0 #Written by CYL #Updated by TJC

           

           

           

           


          @CYL  go to the Files and Processes payload and run "softwareupdate -aiR". It's more reliable than the software update payload.

          bwoods
          Forum|alt.badge.img+14
          • bwoods
          • Honored Contributor
          • September 14, 2021

          @CYL  go to the Files and Processes payload and run "softwareupdate -aiR". It's more reliable than the software update payload.


          @CYLif this is an M1 device you will need a bootstrap token uploaded to the Jamf Pro server. Otherwise, forcing updates on an M1 devices is not possible.

          C
          Forum|alt.badge.img+3
          • CYL
          • Author
          • New Contributor
          • September 16, 2021

          @CYL  go to the Files and Processes payload and run "softwareupdate -aiR". It's more reliable than the software update payload.


          @bwoods Thank you for the advice. I might done it wrong, but it shows that failed due to "authentication failed". this circle back to the start. I put my script as a DMG and run it as a package, and I'm not sure which box should I check in the Maintenance section.

            bwoods
            Forum|alt.badge.img+14
            • bwoods
            • Honored Contributor
            • September 16, 2021

            @bwoods Thank you for the advice. I might done it wrong, but it shows that failed due to "authentication failed". this circle back to the start. I put my script as a DMG and run it as a package, and I'm not sure which box should I check in the Maintenance section.


            @CYL made a mistake. You need to use the Files and Processes payload. Look for the section called "Execute Command". add "software update -aiR" to that section. 

              C
              Forum|alt.badge.img+3
              • CYL
              • Author
              • New Contributor
              • September 16, 2021

              @CYL made a mistake. You need to use the Files and Processes payload. Look for the section called "Execute Command". add "software update -aiR" to that section. 


              @bwoods for this method I won't need any other scripts or sectioned configured I suppose?

                bwoods
                Forum|alt.badge.img+14
                • bwoods
                • Honored Contributor
                • September 16, 2021

                @bwoods for this method I won't need any other scripts or sectioned configured I suppose?


                Correct, no packaging required. This payload will just run the softwareupdate command.

                O
                Forum|alt.badge.img+14
                • ooshnoo
                • Honored Contributor
                • November 5, 2021

                @CYL Did you get this working?  If so, can you share your final policy details?

                Terms & ConditionsCookie settingsAccessibility statement