mac osx updates

uber99
New Contributor

Hey 

I seem to be having issues with end users being able to install osx updates on their Macs managed by Jamf. The users are prompted for the password to upgrade to 14.0, but it won't accept the user's password when they are prompted. Is anyone seeing this, or have we set this somewhere in Jamf Pro? I am having to log them out, log in as admin and update the Mac.

Thanks 

 

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor II

Yep, it's an admin access check. If the user had admin access, the box would be prefilled with their username, and they would enter their password to continue. Since the user does not have admin access, macOS leaves the box blank so as not to reveal what accounts on the device have admin access.

 

Put a few devices in a static or smart group. Search up the group and issue a mass action to update the devices to macOS 14.2.1 and see what happens. My bet is they will update. If you want to use JAMF's Software Update tool, you will need to use a smart group. Both mass actions and the software update tool do basically the same thing.


6 REPLIES

Ryy
New Contributor II

Hi,

Check if the user is a volume owner

vinny83
New Contributor III

To echo what Ryy said, could you check volume ownership: https://support.apple.com/en-gb/guide/deployment/dep24dbdcf9e/web

Run the command below to get a list of user GUIDs:

sudo diskutil apfs listUsers /

And then run the command below to cross reference the GUIDs to the usernames:
sudo fdesetup list -extended

 

I'm interested in what you see/get as we have a couple of Macs where the AD password is respected for unlocking/changing preferences, but the user can't be enabled in FileVault. My team have tried:

  • Took off the domain and re-bound
  • Disabled FileVault and re-enabled it (had to use it_admin as it gives invalid password for user account)
  • Removed the user as local admin and then re-enabled

 

Might not be the same issue, just curious to see if it might be related. For us, it's happening on macOS 14.2.1 installs.

AJPinto
Honored Contributor II

Just because I have to be a troll: Apple retired OS X 8 years ago when they released macOS 10.12 Sierra. The last release of OS X was OS X 10.11 El Capitan. I do not see anyone having a good time trying to install OS X updates at this point. Apple also retired macOS 10.x when they moved up to macOS 11 with macOS 11 Big Sur. The last release of macOS 10 was 10.15 Catalina. Apple is very picky about their branding and style guidelines.

 

Trolling aside, the access a user needs depends on what updates are being installed and the architecture of the device.

  • Apple Silicon:
    • Minor OS updates (13.1 > 13.2) require Volume Ownership.
    • Major OS updates (13 > 14) require both Administrative Access AND Volume Ownership.
  • Intel:
    • All Updates require Administrative Access as Volume Ownership is not a concept on x64 macOS.

 

I would verify the users have Volume Ownership if the users have Apple Silicon Macs, as you really want them to have this to be able to install minor OS updates. If the devices are Intel Macs, or the users need to install a Major OS update on an Apple Silicon Mac, I would verify Admin Access, as administrative access is required for this. Ultimately the "correct" way to install updates is using MDM commands from JAMF, which does not care what the user's access level is. Never mind how unreliable OS updates are with macOS.
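
Added example, not part of any reply in this thread: a shell sketch that applies the access matrix described above to one account, using the `diskutil apfs listUsers /` lookup posted earlier. The function names, the sample GUIDs and the assumed layout of the `listUsers` output ("+-- GUID" followed by "Volume Owner: Yes/No") are constructed for illustration; run `report_user` as root on the Mac being checked.

```shell
#!/bin/sh
# Constructed sample of `diskutil apfs listUsers /` output (assumed layout).
SAMPLE_LISTUSERS='Cryptographic users for disk3s1 (2 found)
|
+-- 11111111-2222-3333-4444-555555555555
|   Type: Local Open Directory User
|   Volume Owner: Yes
|
+-- AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
    Type: Local Open Directory User
    Volume Owner: No'

# Reads listUsers output on stdin; succeeds only if GUID ($1) is a volume owner.
is_volume_owner() {
  awk -v guid="$1" '
    /^\+-- / { cur = toupper($2) }
    /Volume Owner: Yes/ && guid != "" && cur == toupper(guid) { found = 1 }
    END { exit found ? 0 : 1 }'
}

# can_self_update ARCH KIND ADMIN OWNER (KIND: minor|major, ADMIN/OWNER: yes|no)
# Apple Silicon: minor needs ownership, major needs admin AND ownership.
# Intel: every update needs admin; volume ownership does not apply.
can_self_update() {
  case "$1" in
    arm64)
      if [ "$2" = major ]; then
        [ "$3" = yes ] && [ "$4" = yes ]
      else
        [ "$4" = yes ]
      fi ;;
    *) [ "$3" = yes ] ;;
  esac
}

# macOS only: gather the real values for USER and print the verdicts.
report_user() {
  u=$1
  guid=$(dscl . -read "/Users/$u" GeneratedUID | awk '{print $2}')
  if dseditgroup -o checkmember -m "$u" admin >/dev/null 2>&1; then adm=yes; else adm=no; fi
  if diskutil apfs listUsers / | is_volume_owner "$guid"; then own=yes; else own=no; fi
  for kind in minor major; do
    if can_self_update "$(uname -m)" "$kind" "$adm" "$own"; then ok=yes; else ok=no; fi
    echo "$u: admin=$adm volume_owner=$own $kind update without help: $ok"
  done
}

if [ "$(uname -s)" = "Darwin" ]; then report_user "${1:-$(id -un)}"; fi
```

A standard user who is a volume owner comes back `yes` for minor and `no` for major on Apple Silicon, which matches the blank password prompt in the original question.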

uber99
New Contributor

Thanks for the trolling 🤣 We only have M series or Apple Series or Apple M 😂 iMacs, no Intel stuff. OS versions are 13 and we are trying to upgrade to 14. Users get prompted to do the upgrade, it then gives them a password box but does specify a user. I was going to use the built-in patching tool in the Jamf portal but have never used it before; I was just trying to get a few end users to upgrade. I will review all your notes.

Thank you for answering, you made my day.