Posted on 03-28-2017 04:53 AM
hey guys, anyone else seeing this error when trying to create a macOS upgrade via Self Service?
Executing Policy Install macOS Sierra Upgrade
Installing macOS 10.12.4 Installer.dmg...
Preparing for in-place OS upgrade...
Failed to copy file to the install data folder. Failed to copy /Volumes/OS X Base System/Install macOS Sierra.app/Contents/Resources/brtool to /OS X Install Data/brtool: The file “brtool” couldn’t be opened because there is no such file.
Closing package...
This doesn't work with 9.97 and 9.98. The installer was created via dragging and dropping the downloaded macOS App Store installer into Casper Admin, as always.
Was there anything changed with the 10.12.4 installer which Jamf wasn't aware of?
Posted on 03-28-2017 04:57 AM
Hey,
brtool has moved in 10.12.4, see https://twitter.com/mikeymikey/status/846445316790370305
I guess an update for Casper Admin is needed to fix it.
Posted on 03-28-2017 07:39 AM
Yes, duplicated this morning. Looks like jamf will have to fix!
Posted on 03-28-2017 10:24 AM
Can confirm, same issue.
Posted on 03-28-2017 10:59 AM
Ran into this exact issue yesterday while setting up our Self Service MacOS upgrade workflow. Good to see I'm not alone.
Posted on 03-29-2017 11:46 AM
+1
Thanks for the sanity check!
Posted on 03-29-2017 11:46 AM
+1
Thanks for the sanity check!
Posted on 03-29-2017 02:17 PM
Same here! Was just attempting to put in place a Sierra upgrade policy in Self Service for the first time and ran into this. :-)
Posted on 03-29-2017 05:04 PM
+1
I thought it was just me. But I have tried uploading via Casper Admin twice, and have tried to install via Self Service 5 times. It always fails.
Thankfully I found this discussion :)
Extra note: The macOS 10.12.4 combo update works. We've tested this via push update to any MacBook that is 10.12.x and it works fine.
Posted on 03-30-2017 03:17 AM
+1 same for us
Posted on 03-30-2017 03:22 AM
Hi all try this,
https://github.com/kc9wwh/macOSUpgrade
Best Benoit
Posted on 03-30-2017 05:47 AM
+1 too.
Same problem for us.
Posted on 03-30-2017 09:19 AM
Hi,
It's working with the scripts thanks to Laurent Pertois for sharing an thanks to Joshua Roskos for this.
We just adapt a little bit the script for 10.12.4 because some option are no more present in the .app installer
Line 79 to 86
if [ -d /Users/Shared/Install macOS Sierra.app ]; then
installerPresent="OK"
/bin/echo "Installer present: OK - the installer is in /Users/Shared"
else
installerPresent="ERROR"
/bin/echo "Installer present: ERROR - the installer is not in /Users/Shared"
fi
Line 118
/bin/mkdir -p /usr/local/jamfps
Line 164
if [[ ${pwrStatus} == "OK" ]] && [[ ${spaceStatus} == "OK" ]] && [[ ${installerPresent} == "OK" ]]; then
Line 179 /Users/Shared/Install macOS Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install macOS Sierra.app --agreetolicense --pidtosignal $jamfHelperPID &
On our side all is working with this workflow
Posted on 03-30-2017 09:53 AM
I have added the Sierra Install using Device based Distribution from VPP to see if that works for my staff (slow rollout)
.Update: Staff have rights to App Store, but this unfortunately prompts for admin pw. boo
Posted on 03-30-2017 10:14 AM
Quick correction Line 179
Posted on 03-30-2017 10:19 AM
Quick correction Line 179
Posted on 03-31-2017 11:35 AM
Would you mind posting the full, edited script?
Posted on 03-31-2017 11:48 AM
Normally, I would create an in-place upgrade policy that would install the cached installer package (that i cached with a previous policy) and then reboot to the installer with a restart option (see attached fig 1 and fig 2).
If I choose to use the script provided here, along with created a dmg of the installer and placing it in Users/Shared, do i still handle the overall policy the same with the added script?
1. Do i run the script as an "after" script or a "at reboot" script?
2. Do i set the policy restart options still to specify the start up disk as "OS X Installer"?
Thanks!
Posted on 04-03-2017 02:32 AM
I second what @stwrz said. :)
It would be nice to have the entire verified-as-working script, if you wouldn't mind sharing it, @bdelamarche . :)
Posted on 04-03-2017 08:48 AM
I found out the hard way that I should also have a check in the script to verify that encryption of the disk has completed. I dropped a section in for that. This is what my "complete" version of the script is, but it won't be verified until I try to run through it again. The caveat to this as it is written, is that the disk must be encrypted. If other environments don't require this then just ignore that section.
#!/bin/bash
##
## Updated with comments posted in: https://www.jamf.com/jamf-nation/discussions/23551/macos-10-12-4-upgrade-via-self-service-fails#respond
##
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# Copyright (c) 2017 Jamf. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the Jamf nor the names of its contributors may be
# used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# This script was designed to be used in a Self Service policy to ensure specific
# requirements have been met before proceeding with an inplace upgrade to macOS Sierra,
# as well as to address changes Apple has made to the ability to complete macOS upgrades
# silently.
#
# REQUIREMENTS:
# - Jamf Pro
# - macOS Sierra Installer must be staged in /Users/Shared/
#
#
# For more information, visit https://github.com/kc9wwh/macOSUpgrade
#
#
# Written by: Joshua Roskos | Professional Services Engineer | Jamf
#
# Created On: January 5th, 2017
# Updated On: March 9th, 2017
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# USER VARIABLES
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
##Enter 0 for Full Screen, 1 for Utility window (screenshots available on GitHub)
userDialog=0
##Title to be used for userDialog (only applies to Utility Window)
title="macOS Sierra Upgrade"
##Heading to be used for userDialog
heading="Please wait as we prepare your computer for macOS Sierra..."
##Title to be used for userDialog
description="
This process will take approximately 5-10 minutes.
Once completed your computer will reboot and begin the upgrade."
##Icon to be used for userDialog
##Default is macOS Sierra Installer logo which is included in the staged installer package
icon=/Users/Shared/Install macOS Sierra.app/Contents/Resources/InstallAssistant.icns
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# SYSTEM CHECKS
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
##Check if installer is present
if [ -d /Users/Shared/Install macOS Sierra.app ]; then
installerPresent="OK"
/bin/echo "Installer present: OK - the installer is in /Users/Shared"
else
installerPresent="ERROR"
/bin/echo "Installer present: ERROR - the installer is not in /Users/Shared"
fi
##Check if Disk is encrypting
encryption=$( diskutil cs list | grep "Conversion " )
if [[ ${encryption} == *"Complete"* ]]; then
encStatus="OK"
/bin/echo "Encryption Check: OK - Not Encrypting"
else
encStatus="ERROR"
/bin/echo "Encryption Check: ERROR - Encryption In Process"
fi
##Check if device is on battery or ac power
pwrAdapter=$( /usr/bin/pmset -g ps )
if [[ ${pwrAdapter} == *"AC Power"* ]]; then
pwrStatus="OK"
/bin/echo "Power Check: OK - AC Power Detected"
else
pwrStatus="ERROR"
/bin/echo "Power Check: ERROR - No AC Power Detected"
fi
##Check if free space > 15GB
osMinor=$( /usr/bin/sw_vers -productVersion | awk -F. {'print $2'} )
if [[ $osMinor -ge 12 ]]; then
freeSpace=$( /usr/sbin/diskutil info / | grep "Available Space" | awk '{print $4}' )
else
freeSpace=$( /usr/sbin/diskutil info / | grep "Free Space" | awk '{print $4}' )
fi
if [[ ${freeSpace%.*} -ge 15 ]]; then
spaceStatus="OK"
/bin/echo "Disk Check: OK - ${freeSpace%.*}GB Free Space Detected"
else
spaceStatus="ERROR"
/bin/echo "Disk Check: ERROR - ${freeSpace%.*}GB Free Space Detected"
fi
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# CREATE FIRST BOOT SCRIPT
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
/bin/mkdir -p /usr/local/jamfps
/bin/echo "#!/bin/bash
## First Run Script to remove the installer.
## Clean up files
/bin/rm -fdr /Users/Shared/Install macOS Sierra.app
/bin/sleep 2
/usr/local/jamf/bin/jamf recon
## Remove LaunchDaemon
/bin/launchctl unload -w /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
/bin/rm -f /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
exit 0" > /usr/local/jamfps/finishOSInstall.sh
/usr/sbin/chown root:admin /usr/local/jamfps/finishOSInstall.sh
/bin/chmod 755 /usr/local/jamfps/finishOSInstall.sh
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# LAUNCH DAEMON
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
/bin/echo "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.jamfps.cleanupOSInstall</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/jamfps/finishOSInstall.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>" > /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
##Set the permission on the file just made.
/usr/sbin/chown root:wheel /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
/bin/chmod 644 /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# APPLICATION
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
if [[ ${pwrStatus} == "OK" ]] && [[ ${spaceStatus} == "OK" ]] && [[ ${installerPresent} == "OK" ]] && [[ ${encStatus} == "OK" ]]; then
##Launch jamfHelper
if [[ ${userDialog} == 0 ]]; then
/bin/echo "Launching jamfHelper as FullScreen..."
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$(echo $!)
fi
if [[ ${userDialog} == 1 ]]; then
/bin/echo "Launching jamfHelper as Utility Window..."
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 &
jamfHelperPID=$(echo $!)
fi
##Begin Upgrade
/bin/echo "Launching startosinstall..."
/Users/Shared/Install macOS Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install macOS Sierra.app --agreetolicense --pidtosignal $jamfHelperPID &
/bin/sleep 3
else
/bin/echo "Launching jamfHelper Dialog (Requirements Not Met)..."
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "Requirements Not Met" -description "We were unable to prepare your computer for macOS Sierra. Please ensure you are connected to power and that you have at least 15GB of Free Space.
If you continue to experience this issue, please contact the IT Support Center." -iconSize 100 -button1 "OK" -defaultButton 1
fi
exit 0
Posted on 04-03-2017 09:15 AM
The issue is described here: https://babodee.wordpress.com/2017/03/29/startosinstall-updated-in-macos-10-12-4-app-installer-and-c...
I updated my script to account for the change between 10.12.3 and 10.12.4, but you can just use other scripts and change the line that uses the startosinstall
tool accordingly to remove the --volume /
flag.
Posted on 04-03-2017 02:49 PM
Hey all,
We're aware of this issue and have it filed under PI-003792.
If you haven't already, and would like to get a case attached to PI-003792, please get in touch with Support.
Thanks!
Amanda Wulff
Jamf Support
Posted on 04-11-2017 09:05 AM
@bpavlov what would be the easiest/best way to suppress the login wizard using the process from your link? I don't really want it prompting my users for FileVault and analytics data. Otherwise it worked, and the feedback is helpful to the end user(s).
Posted on 04-11-2017 09:12 AM
@jwojda I'm not sure I follow. My script doesn't prompt for the FileVault credentials. Not sure what you mean by analytics data either. With that said, it might not be a bad idea to add a FileVault component so that it's not required upon restart (make this optional of course). Thanks for the idea.
Posted on 04-11-2017 09:16 AM
@bpavlov It would be to suppress the Apple startup wizard thing. Sign in to iCloud, Setup FV, send crash data to Apple, turn on Siri, etc. I know your script doesn't do that, but wondering what would be the best options to do so, so the users get a more seamless experience.
Posted on 04-11-2017 01:05 PM
None of that would be managed by my script as you've mentioned. But some ideas that come to mind to handle what you've mentioned (and others may have better suggestions): Configuration profiles would probably be the go to where possible. You can block all iCloud services with the Restrictions payload. I believe I saw there was an pref you can manage with a custom config profile to block Siri. The send diagnostics is in the Security and Privacy payload. And the enforcing FV I think you can probably do with a policy. You can also deploy a config profile to redirect FV keys to the JSS.
Posted on 04-14-2017 05:57 AM
I'm a little confused. Is this problem for the full-blown macOS Sierra 10.12.4 installer (for when you're running El Capitan or Yosemite and want to fully upgrade) or does this problem happen with the incremental 10.12.4 updater (for when you're already running 10.12.x<4) ? I've been holding off on putting the 10.12.4 updater in Self Service until I am 100% clear on it.
Posted on 04-14-2017 10:10 AM
@AVmcclint I am distributing the 10.12.4 incremental and combo updates within my organization. I am first scoping to those requiring the 10.12.4 combo update (those currently with 10.12.0-10.12.2 installed) and the incremental update (those currently with 10.12.3 installed) and then caching the installers to their Waiting Room folder. Once it has cached, I run a script once daily that present them with a Jamf Helper window which simply suggests that they perform the update in Self Service. Here's the script I am using and have had very good success with.
#!/bin/bash
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Created by Sepie Moinipanah
# April 13, 2017
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# jamfHelper Variables
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
loggedInUser=$(stat -f%Su /dev/console)
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
windowType="hud"
description="The <OrgName> Helpdesk has prepared a macOS Sierra 10.12.4 update for your computer and asks that you please perform this task within 10 days. Please note that this process will require approximately 15-20 minutes and a reboot to complete.
• To initiate this process now, click 'UPDATE' below and select the macOS Sierra icon once Self Service has launched.
• To defer, click 'Cancel'.
If you have any questions or require assistance, please call +1 (###) ###-HELP."
button1="UPDATE"
button2="Cancel"
icon=/Applications/Utilities/Disk Utility.app/Contents/Resources/AppIcon.icns
title="Update Available: macOS Sierra 10.12.4"
alignDescription="left"
alignHeading="center"
defaultButton="2"
cancelButton="2"
timeout="300"
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# System Checks
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Verify that macOS device is utilizing a power adapter or battery
pwrCheck=$( /usr/bin/pmset -g ps )
if [[ ${pwrCheck} == *"AC Power"* ]]; then
pwrStatus="OK"
echo "Power Check: OK - AC Power Detected"
else
pwrStatus="ERROR"
echo "Power Check: ERROR - No AC Power Detected"
fi
# Verify that macOS device has not updated to 10.12.4 since inventory updates are performed once daily
verCheck=$( /usr/bin/sw_vers -productVersion )
if [[ $verCheck == 10.12.4 ]]; then
verStatus="macOS 10.12.4 Detected"
echo "Update Not Needed"
else
verStatus="macOS 10.12.4 NOT Detected"
echo "Update Needed"
fi
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# jamfHelper Window
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
if [[ "$pwrStatus" == "OK" ]] && [[ "$verStatus" == "macOS 10.12.4 NOT Detected" ]]; then
userChoice=$("$jamfHelper" -windowType "$windowType" -lockHUD -title "$title" -timeout "$timeout" -defaultButton "$defaultButton" -cancelButton "$cancelButton" -icon "$icon" -description "$description" -alignDescription "$alignDescription" -alignHeading "$alignHeading" -button1 "$button1" -button2 "$button2")
echo "Jamf Helper was launched!"
else
echo "The macOS device power check failed and/or no longer requires 10.12.4 update! Collect inventory and exit."
jamf recon
exit 0
fi
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Logging
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
if [ "$userChoice" == "0" ]; then
echo "User clicked UPDATE; now launching Self Service."
/bin/launchctl asuser "$(id -u $loggedInUser)" sudo -iu "$loggedInUser" open -a /Applications/Self Service.app
elif [ "$userChoice" == "2" ]; then
echo "User clicked Cancel or timeout was reached; now exiting."
exit 0
fi
H/t to @Rosko for the pwrCheck variable :)
pwrCheck=$( /usr/bin/pmset -g ps )
if [[ ${pwrCheck} == *"AC Power"* ]]; then
pwrStatus="OK"
echo "Power Check: OK - AC Power Detected"
else
pwrStatus="ERROR"
echo "Power Check: ERROR - No AC Power Detected"
fi
Posted on 04-14-2017 12:38 PM
@Jason ... just FYI, your script keeps failing for me on the Disk Check portion, reporting 1GB free space on a machine with 1.07TB available. Looks like logic needs to be tweaked when $freeSpace returns a value in TB instead of GB on line 120.
Posted on 04-14-2017 01:05 PM
@Taylor.Armstrong That part was from the original script. It looks like they're grabbing a line that looks like this on my machine: Volume Available Space: 155.8 GB (155812741120 Bytes) (exactly 304321760 512-Byte-Units) (31.2%)
print $4 would return "155.8". You could try also using awk to pull $5 to see if the system is GB or TB, and compensate for that. All of our systems are using 500GB drives, so we didn't run into that.
Posted on 04-17-2017 06:08 AM
@AVmcclint This is only for when you use the full 10.12.4 installer from the Mac App Store.
Posted on 04-17-2017 06:45 AM
@bpavlov thanks for the clarification. One thing I have noticed with the 10.12.3 and 10.12.4 updaters - even when run outside of JSS and Self Service - is that the final reboot that should take you to your desktop sometimes hangs right at the iCloud login screen. Sometimes It hangs before actually displaying the window where you can choose to login or Skip. There was one time I got the window but there was no content within and no buttons to click until after about 5 minutes. I'm afraid that these unexpected and unusual hangs right in the home stretch of the updates users will get impatient and for the computer to reboot and who know what will happen then.
It is annoying that I'm using a config profile to disable all the Siri setup, iCloud, and other first-time user setup screens but these updates seem to disregard those settings.
Posted on 04-24-2017 10:29 AM
The workflow that @Rosko built for this works awesome, TYVM @Rosko ! I have a restriction in place for the "Install macOS Sierra.app" file so in my testing I had to add an exemption for the computer I was testing. To deploy this in mass, anyone have a recommendation of how to use "Install macOS Sierra.app" while restricting any type of OS install from the mac app store?
Posted on 04-24-2017 02:33 PM
@TomDay The easiest away around the Software Restrictions is to just rename the installer before you stage/cache it on the systems. Then it won't even be noticed. Otherwise you'd want to look at adding an API call to add that computer that is installing Sierra via the script to the exclusions either directly or via a static group.
Posted on 04-25-2017 11:36 AM
@Rosko That worked perfectly, thank you. Follow up question if you don't mind? On the script, is it possible for me to add some lines to the First Boot section that will disable iCloud, Diagnostic and Siri pop-up settings?
Posted on 04-25-2017 08:11 PM
@TomDay You are more than welcome to try, but I didn't have the greatest luck and would get mixed results with about a 50/50 success rate. I'm sure it's all in the timing, but I couldn't get in nailed down in the time I had. Please let me know if you do get it working though, would be happy to add it to the repo.
Posted on 04-25-2017 08:24 PM
We're using this one and it's been working well. https://github.com/bp88/JSS-Scripts/blob/master/OS_Upgrade.sh
Posted on 04-26-2017 06:28 AM
@TomDay I went the route of manually installing some profiles to suppress those items. Then after the system is upgraded I remove the profiles. I didn't have good luck when I tried disabling those items through scripting.
Posted on 04-26-2017 08:34 AM
@TomDay Tom you're best using a launchdaemon or boot policy to write the appropriate plist values to each account on each boot. Otherwise they will return when a macos service update is released.
Posted on 04-26-2017 12:43 PM
@Rosko gave it a shot and like you mentioned mixed results so I'm not going to tinker with that anymore. Will use a method of launch daemon and script to set the values like @seann mentioned thx for that @seann , testing now.
@lashomb Wow that script is awesome! Tested on a few devices and tweaking that for our environment now, thx for sharing that! How do you handle running Apple Software Updates after that OS gets upgraded? I'm finding it needs a few like iTunes etc.