M1 mac upgrade to ventura via JAMF

mforeman1
New Contributor III

Hello Anyone could help me on this? Iooks like it needs user intervention before the installation will proceed anyway to bypass it? or any known fix on this? i tried several commands and im still stucked on this one. Thank you very much for your usual assistance.

20 REPLIES 20

mforeman1
New Contributor III

Screen Shot 2022-12-02 at 5.37.16 PM.png

mforeman1
New Contributor III

Here is the screenshot of what i am getting

jtrant
Valued Contributor

You will either need to provide the password for a user account with a Secure Token, or prompt the end-user to enter their password with --passprompt. There is no way around this, other than using the Jamf Pro API to send an MDM command to update the OS.

MrChris
New Contributor III

There is also the option of utilizing grahampugh's fantastic script/packages here: https://github.com/grahampugh/erase-install/wiki

The wiki leads back to the repository. 27.1 is the current version and is working quite well with our fleet.

jtrant
Valued Contributor

Second this, although credentials are still required on Apple Silicon Macs. It's just a more user-friendly way of passing those credentials.

mforeman1
New Contributor III

Yeah that's the thing with M1 Macs but is there any other ways to provide password without user intervention?

This is possible with the latest erase-install (v28, it's in alpha) - https://github.com/grahampugh/erase-install/releases/tag/v28.0alpha

You'd supply username + password of a volume owner in a custom keychain, and then run the script with the --silent flag. I haven't tested it, but it's probably the only thing that will do what you want, on an M1 (aside from MDM commands mentioned above, but as we know those can be unreliable).

Vincenthesse
New Contributor III
Hello,

Indeed, but there is no user interraction and there is no possibility to configure and customize the deferral.

Vincent.

Sure, I was just stating that in response to the user who was asking about pushing without any input specifically.

Erase-install seems to be meant more for Self Service use as opposed to pushing it.

 

You could just push it. If they're Intel, it will just start downloading the latest macOS (with a GUI that shows download progress). If they're M1, they will be prompted for credentials.


Alternatively, you can configure S.U.P.E.R.M.A.N. to work with erase-install which might be what you're looking for.

https://github.com/Macjutsu/super

I can see the link to erase-install in the script, but I couldn't find it in their documentation when I looked. I thought I'd seen it before.

 

 

Vincenthesse
New Contributor III

Hello MrChris, how do you push upgrade with user interaction to alert the user when the computer restart ? Personnaly, we deploy erase install with self service but user don't have time to update the Mac. Currently, we explore superman and the user experience is better because you can put in place a defer counter. How do you force the user to upgrade the Mac ?

greend
New Contributor

You are right! This script works great for M1 Macs. Unfortunately, it is failing on my Intel Macs. Any idea why. It runs the policy but does nothing. The policy says  "2023-02-22 14:28:28 [erase-install] Sending to dialog: quit: 2023-02-22 14:28:29 [get_default_dialog_args] Invoking utility dialog 2023-02-22 14:28:30 [erase-install] User FAILED to confirm erase-install or reinstall." But I do not get a window to confirm.

sdagley
Esteemed Contributor II

@mforeman1 If you're ok with forcing the update from your Jamf Pro console try the following:

1) Do a search for the Mac you want to update (if there's a group of Macs either add them to a Static Group or create a Smart Group and view the result)

2) Click the Action button on the screen showing the list of machines

3) Select "Send Remote Commands" from the Actions list and click Next

4) Select "Update OS version and built-in apps" from the Remote Commands list, select "Specific Version" under Target Version, select "Download and install the update, and restart computers after installation" under Install Action, then click Next

This _should_ tell the targeted Mac(s) to download and update ASAP. It isn't 100% reliable though, especially if a Mac hasn't been restarted fora while. Do _not_ use any of the options that allow the user to defer the update as those are extremely unreliable, at least through macOS Monterey.

mforeman1
New Contributor III

Hello, Thank you!  I've already tried that as well but nothing happens. It got completed in JAMF but the Mac is still on Monterey

sdagley
Esteemed Contributor II

@mforeman1 If the Mac doesn't update to Ventura in a few hours reboot it and try again. Also make sure it's plugged into power if it's a laptop.

AJPinto
Honored Contributor II

Monitor the install logs. You should see something happen in install.log almost instantly after you send the MDM Command. The installer can take hours to finish downloading, then all the scheduling shenanigans. This is not a process I recommend sitting and watching outside of a lab scenario as it will take several hours to do anything.

Vincenthesse
New Contributor III

Yes but in a business context with a lot of call with teleconference tool, this is not possible whitout user interaction to alert the user.

Vincenthesse
New Contributor III

Thank you very much for this answer.

MatthewHegge
New Contributor II

Mass Action commands are not reliable and REALLY hard to track/manage.

AJPinto
Honored Contributor II

The software update MDM Commands being not reliable is not JAMFs fault, that is Apples fault but yes they are totally unreliable. As far as being hard to track and manage, JAMF has absolutely no excuses and has done nothing to make it better over the years.

MatthewHegge
New Contributor II

Was not blaming JAMF, just stating a fact.