Jamf Nation Community

Install macOS 12 Beta.app

Looks like

Install macOS 12 Beta.app

is the string to block

If you block the process named "InstallAssistant" that should block any variant of the "Install macOS..." app

I already block the InstallAssistant process, so we might be ok, but I'll be adding in a new "Install macOS 12 Beta.app" Restricted Software item just in case.

As an aside, it seems Apple is now going to jump the main version number with each new OS release. We went from many years of 10.x.x versions to 11.x last year and now 12.x. It will be interesting to see if they continue with that numbering convention for the long haul.

I hope so. That might mean we actually get update releases of macOS Big Sur with incremented version numbers once macOS Monterey ships rather than the innumerable Builds there have been for macOS Catalina 10.15.7

@sdagley Hmm, I don't necessarily see how that would mean Apple would ship further Big Sur incremental updates after Monterey ships. I mean, there was literally nothing technical stopping Apple from releasing a macOS 10.15.8 or 10.15.9 point release after Big Sur came out, was there? This is just SOP for Apple. Move on to the new OS and forget about the old one. macOS Big what? Never heard of it!
Of course, in reality they have committed to an N-2 support model, so they still need to provide updates to Big Sur and Catalina once Monterey ships, but they really don't like anyone to focus on that. Hence the boring old build updates and not incremental version updates, if you ask me. Just my 2¢.

That's why I said "might". Sometimes I feel like Apple PR is as involved in the release process as Engineering, and doesn't like seeing large version numbers, or rapid changes in them. That could explain the 14.0.3 and 14.1 versions of Safari where there were two releases of each but the CFBundleShortVerisonString wasn't changed despite a new build number, or the re-release of Catalina Security Update 2021-001 instead of progressing to version 2021-002 like they did for Mojave to pick up the sudo fix from the Catalina Supplemental Security Update.

@mm2270, check Slack.

@mm2270 Do you have a pointer do anything that shows that Apple commits to support the N-2 model? As far as I remember Apple does not commit to anything with respect to supporting it's OS. From what we see we can deduce that for the time being they do support N-2, but having a commitment would be nice.

I also have some hope that we get reasonable minor update numbering in the future, instead of the horrible Security Update numbering and additional Security Updates.

As far as I know macOS now follows the same naming convention as their other OS's, iOS, tvOS, iPadOS, watchOS. So it will increment every year with a major release number just like iOS. I don't know about minor increments for 11.x.x once 12 comes out. Look to what iOS does regarding previous versions and it's a good bet macOS will do the same going forward. That was the whole point of changing the numbering convention to match iOS etc. @mschroder There is no N-2 documentation that I am aware of. We simply know based on what OS versions new patches and security releases are released for, currently 11.x.x, 10.15 and 10.14. Once 12.x.x comes out you will most likely see 10.14 security patch releases stop. Apple want everyone using the latest version of their OS every year.

You can also restrict macOSDeveloperBetaAccessUtility.pkg so that the end user does not see Monterey.

What is the best practice, please, can few Names of the process to restrict be added to Process Name field? Like:

"Install macOS Beta.app", "macOSDeveloperBetaAccessUtility.pkg", "Install macOS 12 Beta.app"

Or any one of those above should be added as separate restricted software record?

Thanks!

You can't restrict multiple processes like that. Simply blocking "InstallAssistant" will prevent the installer GUI form running with all recent versions of the macOS release and beta installers.

@mhasman Only one process can be added per Restricted Software title.

I would just add InstallAssistant and Install macOS 12 Beta.app Those should be enough.

@sdagley , @mm2270 Thank you! I can not block "InstallAssistant" cuz some Macs still should be upgraded to Catalina... There is a little delay with pandemic

@mhasman If you're using a script like macOSUpgrade or erase-install to initiate a Catalina upgrade from Self Service then blocking "InstallAssistant" won't prevent them from running.

@mschroder

I am 98% it was said during a Keynote, just like upgrades every year... 100% sure Tim said that !!! However I don't disagree with your "vibe" ... There are many times where Apple has said one thing and done something else ... :)

C

C

I'd probably want a second pair of eyes to double check my shaky regex, but here is a string to identify devices incompatible with Monterey using the model identifier criteria:

^(iMac[1-9],|iMac1[0-4],[0-4]|MacBook[1-8],|MacBookAir[1-6],|MacBookPro[1-9],|MacBookPro1[0-1],[0-3]|Macmini[1-6],|MacPro[1-5],)

I don't understand why no one has pointed out the Software Update configuration profile that doesn't allow Beta's??
Does it not work for you? Works perfectly for us and allows other Major to Major versions.

@dcgagne I guess this is added to a smart group with Model Identifier and then set as regex?

@MatG You got it

Does anyone have an updated version for this EA which supports Monterey ?
jamf_ea_LatestOSSupported.sh

Does anybody know, how we can block Monterey after release?

Is there a way to block the macOS Monterey using a script.

Hello, anyone how to block Monterey from the Restrictions Software part. We do this with Big Sur and works fine in the past, with Monterey now not, Users able to start the install, As i see you say we can block the InstallAssistant but i have during the start of the upgrade this not in my process list. second here, when we set the restrictions and apply to all computer, correct me this is applied then to all in JAMF, right? Sorry really new to JAMF and lerning a lot at the Moment.

I am having the same issues as others with blocking Monterey. What did work before with Big Sur is no longer working. I am using restricted software to block the actual Install macOS Monterey.app as well as the InstallAssistant. I also have a policy to ignore, but it does not seem to work like it did when i was blocking Big Sur

Run Unix command 'sudo softwareupdate --ignore "macOS Monterey"'
===

The only way i have found is to defer it for 90 days, which i wish they would give a longer time as we are in higher education and only do major upgrades like these in the summer to give us time to test all the software prior

Same as Sbrammer, they only solution right now is the 90 option within Jamf's configuration Profile, under restrictions, and Functionality, the scroll down and change Delay software updates from Major updates the max 90 days.  My companies IS teams takes like 8 months to approve the new releases.

Is there a way to defer the update past 90 days? Would be nice to at least have an option for deferring 180 days. Also, will the restricted software option in Jamf still work?  Would really not like it to show up at all, so the defer option will be great until the 91st day, then will the restricted software still apply? I haven't tested it yet but will work on that today to find out. 

Defer only works for updates not upgrades.  (10.15 to 10.15.2 for example)