Posted on 10-25-2021 07:50 PM
Hi all,
Referring to this macOS installer script.
macOSUpgrade/macOSUpgrade.sh at master · kc9wwh/macOSUpgrade · GitHub
This script works fine for Intel Macbook upgrading to macOS Monterey 12.0.1.
But it does not work with Apple Silicon Macbook 😞
When attempting, I get the following error:
Investigating further, I run the following in a M1 Mabook's terminal.
/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
Error: A method of password entry is required.
Usage: startosinstall
.....
The error suggests I need to supply admin username and password via
--user, an admin user to authorize installation.
--passprompt, collect a password for authorization with an interactive prompt.
--stdinpass, collect a password from stdin without interaction.
I want JAMF to execute this. I DO NOT want to need to supply admin account and password.
Anyone got any suggestions?
Solved! Go to Solution.
Posted on 11-04-2021 12:22 AM
Hi there,
I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.
You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work. Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/
Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.
this is the main key that triggers upgrade.
echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
Posted on 11-09-2021 01:19 PM
Actually I wasn't patient enough. Works like a charm!
11-10-2021 10:41 AM - edited 06-29-2022 11:22 AM
Latest version working on both M1 and Intel macs
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 20-30 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
exit 0
edited to include the fix from @benjmars
Posted on 10-25-2021 10:47 PM
Same issue, I hope someone will provide answer 🙂
Posted on 10-26-2021 03:21 AM
If your still using a script calling startosinstall then you have no option but to supply this as its a Apple mandatory requirement for updating AppleSilicon devices
However since macOS 11 their preferred method for updates it now to use the MDM commands or config profiles to manage OS updates
https://support.apple.com/en-gb/guide/mdm/mdm02df57e2a/web
Mark Buffington's post gives a good overview on this and the MDM options
https://community.jamf.com/t5/jamf-pro/updating-to-macos-11-6-with-jamf-pro-10-32-x-and-mdm-commands...
Posted on 10-26-2021 04:46 AM
M1's need the user to enter thier creds in order to do upgrades. No looked at the script your using but its not hardcoding creds in, or the user isnt typing thiers it wont work. Some one gave me a link to this script when i asked somthing similar: GitHub - grahampugh/erase-install: A script that automates downloading macOS installers and erasing ... i have tested this on a m1 with moterary and it works. It will prompt the user to enter in thier password, then will download the installer and run the upgrade
Posted on 10-26-2021 07:12 PM
Thanks @garybidwell ,
Your reply makes perfect sense. But I am still not sure how to go about using MDM to trigger a Monterey upgrade.
I tried the commands from
I can only see it finding macOS Big Sur 11.6.1, not macOS Monterey 12.0.1
Thanks @SCCM ,
Thanks for your link. But is the script really an erase & install of macOS?
All I want is to upgrade a M1 Macbook from Big Sur to Monterey.
Posted on 10-27-2021 12:10 AM
Likewise also interested. Has anyone had any success using 'Download and Install updates' from JAMF Pro work to a Monterey upgrade? I have not at this time. I am not even seeing the Monterey upgrade enumerated in the Software Updates section of each computer.
Posted on 10-27-2021 12:35 AM
The all the new MDM commands are there to support this in macOS 11/macOS 12, however I don't think all the new abilities are quite yet supported by Jamf.
I suggest joining the beta for 10.34 to see what's coming to make our lives easier around doing the updates/upgrades
Life for admins would be far easier if MDM commands could be called direct from the Jamf Binary, then they can be made into a normal policy rather than using a mass action
I would recommend up voting this feature request:
https://ideas.jamf.com/ideas/JN-I-22444
Posted on 10-27-2021 08:35 AM
@Bernard_Huang its not a erase and install, thats a option if you want it. Create a package following the user guide:https://github.com/grahampugh/erase-install/wiki/1.-Installation#recommended-method---installer-pack...
In a policy have that install, then have a post install script run with the following to install Monterey (current build):
#!/bin/bash
/Library/Management/erase-install/erase-install.sh --build=21A559 --update --reinstall --current-user --check-power --confirm
Posted on 11-04-2021 12:22 AM
Hi there,
I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.
You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work. Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/
Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.
this is the main key that triggers upgrade.
echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
Posted on 11-04-2021 01:13 AM
That looks very useful and I'll definitely give it a go.
Is the '/usr/bin/fdesetup authrestart -delayminutes -1 -verbose -inputplist' still required in this case?
Posted on 11-04-2021 03:02 AM
good question, I actually just left it in and it does not seem to impact much. You can try leaving it out. Let me know if it still works well then will remove it from my script as well.
11-04-2021 05:18 AM - edited 11-04-2021 05:27 AM
Can confirm you can remove the entire section about authenticated reboot. Users are not admin nor disk owners.
Full working example here;
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
exit 0
Posted on 11-04-2021 05:27 AM
perfect 🙂
Posted on 11-09-2021 12:46 PM
When I run this on an M1 Mac, it prompts for User password, and then just continues to spin. It never completes the script.
Posted on 11-09-2021 01:19 PM
Actually I wasn't patient enough. Works like a charm!
Posted on 11-10-2021 07:54 AM
Added your script to the full page splash. Working great so far!
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} with text and hidden answer default button "Continue"
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" with text and hidden answer buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue"
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
end if
end repeat
APPLESCRIPT
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 10-15 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 45 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
exit 0
Posted on 11-10-2021 08:24 AM
Excellent work! Thank you!
Posted on 11-10-2021 09:51 AM
Any reason why this script would be hanging up on an x86 Mac?
11-10-2021 10:41 AM - edited 06-29-2022 11:22 AM
Latest version working on both M1 and Intel macs
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 20-30 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
exit 0
edited to include the fix from @benjmars
Posted on 11-10-2021 10:47 AM
Your first one worked on the first test install I did on an Intel Mac.
Posted on 02-07-2022 08:21 AM
Thanks for sharing Atilla, this is amazing.
I have a fleet of iMacs I need to push this too but unfortunately, it looks like this will only work if a user is signed in to the machine. Is there a way for me to push this for idle iMacs that are stuck on the login screen?
Posted on 02-08-2022 11:26 AM
Just use the Remote command Option for those.
Posted on 02-08-2022 12:01 PM
Ah, true. I often forget that this feature exists. Thanks.
Posted on 02-28-2022 01:34 PM
Does this work on M1's too at the login screen?
Posted on 07-09-2023 11:20 PM
Where is the Remote Commands? I cant find it in my Jamf Pro portal.
Posted on 07-10-2023 07:10 AM
Posted on 02-28-2022 10:13 PM
it doesnt work....what are the steps for me to do ? iam new to Jamf, please be patient :)
Posted on 03-02-2022 03:58 PM
This is sold. I did notice that the user has to be the secure token holder for this to work. Also, has anyone been able to get the Monterey icon to show up? It originally showed up but now doesn't seem to show up in the Jamf Helper splash screen.
Posted on 03-29-2022 09:32 PM
testing this in sublime
im getting this error
/var/log/startosinstall.log: Permission denied
Posted on 03-30-2022 05:58 AM
everything in JAMF is run as root, may be your issue in sublime.
Posted on 04-07-2022 11:09 PM
I have updated remote command for big sur to montery 12.3.1 OS update successful but configuration and policies are not installed M1 Mac can help me what is the issue
04-18-2022 02:06 PM - edited 04-18-2022 02:09 PM
Works like a charm on my M1 test Mac, love it. This is the new upgrade process (at least until Jamf exposes this in Jamf Pro, easily / as a feature, macOS Monterey has been ready for it)... I assume either a password box will not be invoked on Intel Macs, or it just is ignored / does not matter.
Posted on 05-16-2022 07:48 AM
Thanks for you work here. Has this been utilized though the check in trigger at all instead of just self service?
Posted on 06-19-2022 07:08 PM
Having some trouble getting this to work with the --eraseinstall parameter, I assumed this would work since we have provided the secure token holders p/w, any ideas? TIA
Posted on 06-27-2022 10:48 AM
hello.
I have had success running your script from the local machine. Question do I need to install the macOS installer ahead of time or will this script do all the work, downloading and then installing, and upgrading the computer? Just making sure so I can build in a step to do this if needed.
Thank you.
Posted on 06-27-2022 11:03 AM
You need to pre download the installer.
Posted on 06-29-2022 08:27 AM
This script is great and works really well except I found an error in the AppleScript for mismatched passwords. This line references icon file "messageIcon":
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file messageIcon
This fails to reprompt when there is a password mismatch entered and the script continues running and then hangs on the OS install since the password is incorrect.
Here is a corrected version of this script:
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 20-30 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
exit 0
Posted on 06-29-2022 11:20 AM
great find and fix!
Posted on 07-27-2022 02:07 PM
Fantastic!
Posted on 07-27-2022 02:19 PM
I verified the correction works as expected. Really great, thank you!