macOS High Sierra Upgrade methods/options

bpavlov
Honored Contributor

I updated my OS script to support High Sierra. It also adds FV authenticated restarts. I hope to potentially add another big feature in the future, but that's it for now.

https://babodee.wordpress.com/2017/09/26/update-to-macos-upgrade-script/

I know I'm not the only one who is working on this. Feel free to share your upgrade methods and/or scripts to upgrade to macOS High Sierra. Curious to see what others are coming up with.

Here are links to other methods used for Sierra:
https://github.com/kc9wwh/macOSUpgrade

https://github.com/ToplessBanana/tutorials/tree/master/HOW-TO-self-service-macOS-upgrades

And a huge discussion for Sierra where a few other methods are discussed:

https://www.jamf.com/jamf-nation/discussions/22731/in-place-macos-sierra-upgrade-script


Rosko
Contributor II

@spraguga does the target version in the script parameter match the version you have packaged in the DMG?

spraguga
Contributor

@Rosko No, I didn't even realize I actually downloaded 10.13.5. I was putting in 10.13.4. Well I know that part works. All set now! Thanks!

anniwayy
New Contributor III

Hi @Rosko ,

Is it possible to not convert to APFS and leave it as it is to speed up the upgrade? Or wouldn't you recommend doing so?

I know there is an option to not convert during osinstall.

Thanks in advance and great work on the script.

Rosko
Contributor II

@anniwayy I do not have it as an option in the script, but it could be added on line 346 (v2.6.1) easily enough. I didn't include it as an option, because HFS+ is being deprecated in favor of APFS. For this reason alone, I did not add an option within the script to choose between APFS or HFS+.

anniwayy
New Contributor III

@Rosko thanks! got it

lstrm
New Contributor II

Hello,

We're trying to use @Rosko 's script to do in place upgrades. But I'm a little confused as to what I should insert for parameter 6. TBH, I'm not too sure on how to use custom triggers just yet. Any help would be great! Thanks!

sbirdsley
Contributor

Trigger 6 should be the policy trigger for the policy you set up to download and install the pkg that installs the "Install macOS High Sierra.app" onto the system to be used/called.

spraguga
Contributor

@lstrm When you create the new download policy this should install to here:
/Applications/Install macOS High Sierra.app

For the Trigger, check "Custom" and enter a "Custom Event". You should enter something that makes sense to what the policy actually is like DLHIGHSIERRA. I always use caps for my custom event triggers but you don't have to.

A policy with a Custom only trigger can only be executed by the Custom Event. For example, from the command line on a user's Mac like this:
jamf policy -event DLHIGHSIERRA

Whatever you put in the Custom Event field is what you should put in parameter #6. For my example above you would put DLHIGHSIERRA

lstrm
New Contributor II

Right on @sbirdsley and @spraguga thanks for the info! I'll try this out and report back!

lstrm
New Contributor II

Hello again,

I've done what @spraguga suggested but after the download, the jamf daemon keeps checking for a policy using the custom trigger....
I get this error: "Checking for policies triggered by "DLHIGHSIERRA" for user "xxxx""

sbirdsley
Contributor

Do you have the policy the download is set up with scoped correctly to the machine you are trying to run it on?

lstrm
New Contributor II

Yes.. For right now it's going to one test machine. When I run the policy through self service, it goes through the prompt "We need to download macOS High Sierra to your computer..." Then after that, it gets stuck with that error.

sbirdsley
Contributor

To confirm the test machine is added to the scope of your "DLHIGHSIERRA" policy? What is the frequency of this policy set to?

lstrm
New Contributor II

Hi @sbirdsley

Yes the test machine has been added to the scope. Right now the policy is set for once per computer.

Cayde-6
Valued Contributor

I am getting the same issue, did you manage to figure out why you kept getting the initial download message?

Cayde-6
Valued Contributor

Here is the log file I can find, ^CScript exit code: 0 is where I CONTROL+C to kill the script

P52265:tmp root# P52265:tmp root# jamf policy -event START_HS_UPGRADE
Checking for policies triggered by "START_HS_UPGRADE" for user "p52265"...
Executing Policy macOS Upgrade to High Sierra
Running script macOS Upgrade to High Sierra...
^CScript exit code: 0
Script result: Power Check: ERROR - No AC Power Detected
Disk Check: OK - 470642335744 Bytes Free Space Detected
Downloading macOS Installer...
Checking for policies triggered by "recurring check-in" for user "p52265"...
No policies were found for the "recurring check-in" trigger.
Checking for patches...
No patch policies were found.
Downloading macOS Installer...
/Library/Application Support/JAMF/tmp/macOS Upgrade to High Sierra: line 123: 27024 Terminated: 15 /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -windowPosition $dlPosition -title "$title" -alignHeading center -alignDescription left -description "$dldescription" -lockHUD -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" -iconSize 100
Checking for policies triggered by "recurring check-in" for user "p52265"...
No policies were found for the "recurring check-in" trigger.
Checking for patches...
No patch policies were found.
Downloading macOS Installer...
/Library/Application Support/JAMF/tmp/macOS Upgrade to High Sierra: line 123: 27113 Terminated: 15 /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -windowPosition $dlPosition -title "$title" -alignHeading center -alignDescription left -description "$dldescription" -lockHUD -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" -iconSize 100
Checking for policies triggered by "recurring check-in" for user "p52265"...
No policies were found for the "recurring check-in" trigger.
Checking for patches...
No patch policies were found.
Downloading macOS Installer...
/Library/Application Support/JAMF/tmp/macOS Upgrade to High Sierra: line 123: 27201 Terminated: 15 /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -windowPosition $dlPosition -title "$title" -alignHeading center -alignDescription left -description "$dldescription" -lockHUD -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" -iconSize 100
Checking for policies triggered by "recurring check-in" for user "p52265"...

I'm in a continuous loop where the "We need to download macOS High Sierra to your computer" jamfhelper message

Cyrano5
New Contributor II

I am having an issue with the script and wondering if the version listed on 'Install macOS High Sierra.app' should be the one listed in 'Get Info'. Currently I have the script set to 10.13.6, but 'Get Info' states that it is 13.6.22ddfa2bdb064470dafe13c2d612334cc

Cyrano5
New Contributor II

@LewisB Did you ever find a resolution to your issue? I am in the same boat as you.

bpavlov
Honored Contributor

@Cyrano5 @LewisB which script are you guys running?

Cyrano5
New Contributor II

I am using the script from https://github.com/kc9wwh/macOSUpgrade.

Here are the variables.
For the OS Version, I have tried 10.13.6, 10.13.6.02, and 13.6.02 since the installer in the above image shows the version to be 13.6.02.


bpavlov
Honored Contributor

@Cyrano5 I think you're putting the values in the parameter labels rather than the parameter field. Here's a link on Parameter Labels: https://derflounder.wordpress.com/2014/03/20/setting-parameter-labels-in-casper/

Cyrano5
New Contributor II

So I reset the labels to just use the default $4, $5, etc. Then I entered the values into the fields in the script portion of the policy and the results ended up being the same. I get the HUD stating "We need to download macOS High Sierra to your computer, this will take several minutes"; this just seems to run in a cycle as previously mentioned by other users.

I know I am missing something obvious, but I just can't see it.

And for clarification, this is the policy that is referenced in the 'download-high-sierra-install' trigger. (I deleted the name of the policy in the screen shot, just think of it as High Sierra Cache)
It's a simple Composer package that puts the 'Install macOS High Sierra.app' in /Applications.
If I run this policy by itself in Self Service, it puts 'Install macOS HighSierra.app' in /Applications without issue.


Ke_ReM
New Contributor III

Firstly, thanks for these scripts, hopefully will save me a heap of time and other methods I tried seemed to fail.

EDIT: Not sure why but after checking GitHub again, seems I was using an earlier version 2.6.x of Rosko's script rather than the latest 2.7.2

Testing again with latest, if it corrects the issue I will update below...

Update: Ok now I get a failed to download notification after the loop which is better (thanks for that). I was starting to think that it had something to do with the location of the installer on the device as the download notification kicks in and loops as if it is not detecting the downloaded app. So seems like it has something to do with where it thinks it should look for the app?

That should surely be the $OSInstaller variable which is: /Applications/Install macOS High Sierra.app

scratches head more

Update2: In the end I went with BP's script and that seemed to work better. I also went with 2 separate policies in the end instead of 1: 1 to download the installer and the second to install it on devices scoped to a smart group that looks for devices with the installer there and that meet other requirements such as minimum OS etc.

Thanks.

asher_wilkinson
New Contributor III

Running into an issue using this: https://github.com/kc9wwh/macOSUpgrade

We're trying to set this up for use from self-service, but when using it from a user's network account, we get prompted for admin credentials. Is there a way we can set this up to bypass the admin prompt so end-users can run this independently?

privatepilot
New Contributor II

Is this working with High Sierra 13.6.02 as I get download failed even though if I run the download policy separate it downloads fine?

allanp81
Valued Contributor

I'm having issues using this method and I can't for the life of me figure out what's going wrong.

The update starts running via self service no problem, it downloads the installer via a policy with custom trigger just fine, starts the startosinstaller and then restarts and comes up with the black background, white apple logo and progress bar with countdown.

What I can't figure out though is that it seemingly finishes and drops the Mac back to the login screen, seemingly done. If you click a few times at the right time it clearly shows the OS is now 10.13.6 (have tried going from 10.11.x and 10.12.x). If I ssh in and run sw_vers -productVersion it also confirms 10.13.6. The JSS doesn't seem to be aware of this though, even though one of the tasks in the "usr/local/jamfps/finishOSInstall.sh" file is to do a recon.

As soon as I log in as a user, it then immediately brings up the same black screen, white logo and progress bar again for over 10 minutes and then just returns to the login screen without any more restarts.

Has anyone experienced this behaviour? Is this normal?

mark_mahabir
Valued Contributor

@allanp81 Yes, it is being discussed here.

I believe you get the login screen if the user attempting to upgrade is a Standard user, and not an Administrator.

allanp81
Valued Contributor

@mark.mahabir I'm not sure if that's the case as I've got 2 machines I'm testing on and 1 has an admin user initiate and the other is a standard user and they both exhibit the same issue 😞

allanp81
Valued Contributor

I'm wondering if the issue is because the startosinstall is initiated as root, rather than the logged in user?

Gabnxe
New Contributor II

Will this method work to upgrade HFS+ on spinny drives to APFS & Mojave?

allanp81
Valued Contributor

If they are supported then yes, in theory it will. The High Sierra upgrade from El Capitan and Sierra HFS+ certainly updates them to APFS, although I only have SSD Macs now.

allanp81
Valued Contributor

I've noticed a few annoying things that the macOS updater does after finishing the upgrade, the main annoying one being that it seems to remove any customisations you've done to the user template(s). I know that Apple recommend against doing this but it's so annoying that it clearly just wipes the templates and recreates again.

allanp81
Valued Contributor

Oh another thing I noticed is that the /var/log/jamf.log also gets wiped out during the upgrade, so might be worth taking a copy of this before initiating the upgrade.

JMenacker
New Contributor III

Is anyone using Apple School Manager and VPP to deploy the latest OS X upgrade(s) via JAMF Self Service? Seems like there should be a way to do this cleanly but I'm unable to include any script to help avoid further user interaction since VPP deployment does not have any straightforward way of including the "startosinstall" or any other script. Any advice or insights are greatly appreciated. Thanks!

ryan_ball
Valued Contributor

@JMenacker A user has to be logged into the system to run the startosinstall command. With VPP you could simply get the installer.app on the device, that is it. You'd then have to have a policy scoped to a smart group of machines (smart group of devices with the installer present), that has a script leveraging the startosinstall command.

If you wanted something automatic, you'd have to write a script that checked for the installer.app, checked for a logged in user, if there is somebody logged in then alert them (or not) and execute the startosinstall command.

Based on your post though, I would recommend https://github.com/kc9wwh/macOSUpgrade if you don't want to script something yourself. It is a nice way to allow a user the opportunity to upgrade their Macs from Self Service. You can also notify them of the policy via Self Service Notifications.
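The checks discussed across this thread (installer present, packaged version equal to the script's target version, a user logged in, a copy of jamf.log kept) can be collected into one preflight gate. This is an added example, not code from either script linked in the thread; the function names, the InstallInfo.plist location and key, and the backup file name are assumptions.

```shell
#!/bin/bash
# Added example: preflight gate to run before calling startosinstall.
# Function names and the backup file name are hypothetical.

# macOS only: the owner of /dev/console is the user at the GUI session
# ("root" when the Mac is sitting at the login window).
console_user() { stat -f%Su /dev/console; }

# macOS only: OS version the installer will lay down. Assumed to live in
# InstallInfo.plist; this is not the app bundle version that Get Info shows.
installer_os_version() {
    /usr/libexec/PlistBuddy -c 'Print :System\ Image\ Info:version' \
        "$1/Contents/SharedSupport/InstallInfo.plist"
}

# Pure decision logic, so it can be exercised without a Mac.
# Args: $1 installer .app path, $2 target version (script parameter),
#       $3 version found in the installer, $4 console user.
# Prints a reason; returns 0 only when the upgrade may start.
preflight() {
    if [ ! -x "$1/Contents/Resources/startosinstall" ]; then
        echo "installer missing"; return 10
    fi
    if [ "$3" != "$2" ]; then
        echo "version mismatch: want $2, installer has $3"; return 11
    fi
    case "$4" in
        ""|root|loginwindow|_mbsetupuser)
            echo "no user logged in"; return 12 ;;
    esac
    echo "ok"
}

# Keep a copy of the jamf log, since the thread reports that
# /var/log/jamf.log is wiped during the upgrade.
# Args: $1 log file, $2 backup directory. A missing log is not an error.
backup_log() {
    [ -f "$1" ] || return 0
    mkdir -p "$2" && cp -p "$1" "$2/jamf.log.pre-upgrade"
}

# Typical call on a Mac (assumed installer path from the thread):
#   app="/Applications/Install macOS High Sierra.app"
#   preflight "$app" "10.13.6" "$(installer_os_version "$app")" "$(console_user)" \
#       && backup_log /var/log/jamf.log /Library/Logs/pre-upgrade
```

A non-zero return code distinguishes the three failure reasons, so a wrapping policy script can log which check stopped the upgrade instead of re-triggering the download.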