Help

Jamfhelper automatic OS update

CYL
New Contributor II

‎09-13-2021 06:52 AM - edited ‎09-13-2021 07:00 AM

I'm very new to scripting in general. I'm helping to develop a policy to search and install new os update to individual's system. The scripts works fine in terminal, but when I run it as a policy. It will failed because of authentication. Is there anyway to fix this?  Either prompt a window to put in their credentials. I only want it to run whenever the user or an IT admin press the policy in self service to activate it. Here is my original script. Thanks

 

#!/bin/zsh

Choice=$(/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper  -windowType utility -title "Updates" -heading "Mac OS X Updates" -description "Your Mac needs to check for and install the latest updates. Please select Update Now to update OS X (This will restart the computer). If you select Update Later you can update from the Self Service(If not done soon your mac will auto update)." -button1 "Update Now" -button2 "Update Later" -defaultButton 1 -cancelButton 2)

if [[ "$Choice" == "0" ]]; then
   sudo softwareUpdate -iaR
fi

exit 0
#Written by CYL

 

 

0 Kudos
Reply
11 REPLIES 11

SmilieK
New Contributor III

Posted on ‎09-13-2021 07:02 AM

Are you trying to run that on a M1 machine? if so it won't work. You can't issue the "Restart command" anymore on them. It has to do with the bootstrap token and lot of other factors.

That script as is should work 10.15 and below. you should not need the "sudo" in the jamf script. All actions are ran as admin unless you tell it otherwise. 

In Jamf 10.32 they say they "fixed"(have not tested myself) it so you can issue API commands to do "restart" updates on M1's

Reply

bwoods
Valued Contributor

‎09-13-2021 07:06 AM - edited ‎09-16-2021 06:32 AM

@CYL  I would suggest creating a user interaction policy with a Files and Processes payload. However, If you absolutely need a custom script then then you can use this

Reply

efil4xiN
Contributor II

Posted on ‎09-14-2021 03:05 AM

Take  a look at Graham Pugh's erase-install. ( forget the name).  erase-install used wiht the right options can do os upgrades, os updates, and erase-install for return to stock. Datamind has a pre-packaged fork Datamind erase install .

I got tired of the  getting the DMG,cache the DMG etc, so this works for us

Reply

CYL
New Contributor II

‎09-14-2021 10:08 AM - edited ‎09-14-2021 10:43 AM

Hey Guys thank you all for your reply. We have develop a new way to do it. It can successfully download the new OS, but it won't install. it require not only a normal reboot. We are using the "Software Update's" interaction policy in Jamf. Following is the screenshot for the policy 28's selections.

 Screen Shot 2021-09-14 at 1.39.57 PM.pngScreen Shot 2021-09-14 at 1.40.50 PM.png so I'm wondering what will be the suitable command letting the system to install the OS just downloaded. Big thanks

 

 

 

#!/bin/zsh

Choice=$(/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper  -windowType utility -title "Updates" -heading "Mac OS X Updates" -description "Your Mac needs to check for and install the latest updates. Please select Update Now to update OS X (This will restart the computer). If you select Update Later you can update from the Self Service(If not done soon your mac will auto update)." -button1 "Update Now" -button2 "Update Later" -defaultButton 1 -cancelButton 2)

if [[ "$Choice" == "0" ]]; then
  jamf policy -id 28 
fi

exit 0
#Written by CYL
#Updated by TJC

 

 

 

 

0 Kudos
Reply

bwoods
Valued Contributor
In response to CYL

‎09-14-2021 11:25 AM - edited ‎09-16-2021 06:31 AM

@CYL  go to the Files and Processes payload and run "softwareupdate -aiR". It's more reliable than the software update payload.

0 Kudos
Reply

bwoods
Valued Contributor
In response to bwoods

Posted on ‎09-14-2021 11:30 AM

@CYLif this is an M1 device you will need a bootstrap token uploaded to the Jamf Pro server. Otherwise, forcing updates on an M1 devices is not possible.

0 Kudos
Reply

CYL
New Contributor II
In response to bwoods

‎09-16-2021 05:38 AM - edited ‎09-16-2021 06:14 AM

@bwoods Thank you for the advice. I might done it wrong, but it shows that failed due to "authentication failed". this circle back to the start. I put my script as a DMG and run it as a package, and I'm not sure which box should I check in the Maintenance section.

Reply

bwoods
Valued Contributor
In response to CYL

Posted on ‎09-16-2021 06:36 AM

@CYL made a mistake. You need to use the Files and Processes payload. Look for the section called "Execute Command". add "software update -aiR" to that section. 

Files and Processes.png

Reply

CYL
New Contributor II
In response to bwoods

Posted on ‎09-16-2021 06:44 AM

@bwoods for this method I won't need any other scripts or sectioned configured I suppose?

Reply

bwoods
Valued Contributor
In response to CYL

Posted on ‎09-16-2021 11:43 AM

Correct, no packaging required. This payload will just run the softwareupdate command.

0 Kudos
Reply

ooshnoo
Valued Contributor

Posted on ‎11-05-2021 06:02 AM

@CYL Did you get this working?  If so, can you share your final policy details?

0 Kudos
Reply