Help

macOS Sonoma not being blocked

Go to solution
JoeRonin
New Contributor II

Posted on ‎09-29-2023 07:52 AM

Hello Everyone, 

 

Is anyone else seeing macOS Sonoma not respecting the delay within the restrictions payload?

I have the delay for Major software updates set to 90 days. In addition I also have a software restriction setup for "Install macOS Sonoma.app". Not sure how my users / systems are being updated?

 

Screenshot 2023-09-29 at 10.47.37 AM.png

Screenshot 2023-09-29 at 10.51.21 AM.png

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
JoeRonin
New Contributor II

‎09-29-2023 08:20 AM - edited ‎09-29-2023 08:47 AM

False alarm. A lesson to always review config profiles before posting ;)

 

Upon closer inspection. This is due to a config profile that have setup to get around 13.4.1 upgrade issue (https://community.jamf.com/t5/jamf-pro/13-4-1-upgrade-fails/m-p/294319). We have about 50 systems under this OS version and are scoped to a config profile with no delay. False alarm. 

View solution in original post

0 Kudos
8 REPLIES 8

Go to solution
jwbeatty
New Contributor III

Posted on ‎09-29-2023 07:56 AM

I have similar restrictions in place. They are mostly working, but I have had four users that have managed to slip through and update.

0 Kudos

Go to solution
obi-k
Valued Contributor II
In response to jwbeatty

Posted on ‎09-29-2023 08:46 AM

Check out this thread: https://community.jamf.com/t5/jamf-pro/can-t-block-sonoma/m-p/300438/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vi...

Scroll down to @PorkChopExpress and what he mentions. Worked for me after I resolved duplicate keys.

0 Kudos

Go to solution
JoeRonin
New Contributor II
In response to jwbeatty

Posted on ‎09-29-2023 08:48 AM

Thanks for your reply @jwbeatty. I thought I was going crazy 😅

0 Kudos

Go to solution
JoeRonin
New Contributor II

‎09-29-2023 08:20 AM - edited ‎09-29-2023 08:47 AM

False alarm. A lesson to always review config profiles before posting ;)

 

Upon closer inspection. This is due to a config profile that have setup to get around 13.4.1 upgrade issue (https://community.jamf.com/t5/jamf-pro/13-4-1-upgrade-fails/m-p/294319). We have about 50 systems under this OS version and are scoped to a config profile with no delay. False alarm. 

0 Kudos

Go to solution
HoneyThakur
New Contributor

Posted on ‎09-29-2023 01:22 PM

Hi @JoeRonin 
Facing the same even raised Jamf support case but not help at all, is it fixed at your end, it seems that some of the devices are getting slipped through the restricted profile and being updated.

Please let me know if you have a fix for it

0 Kudos

Go to solution
JamfAdmin2
New Contributor II

Posted on ‎10-05-2023 08:14 AM

is there a way to fix this in the config profiles payload in jamf? i have 16 users able to download the sonoma os even though we have a config profile and restrictions set in place hahaha 

is this more my fault? or is this something on apples end? 

0 Kudos

Go to solution
Vincenthesse
New Contributor III

Posted on ‎10-13-2023 01:22 AM

It works with this profile

0 Kudos

Go to solution
Vincenthesse
New Contributor III

Posted on ‎10-13-2023 01:56 AM

Introduction

This article provides steps to restrict macOS Sonoma from being installed via System Settings/System Preferences on computers managed by Jamf Pro using a Custom JSON Schema deployed with a Jamf Pro configuration profile.

While the Restrictions payload in a Jamf Pro configuration profile can be used to defer macOS Sonoma as outlined in the Technical Paper Deferring Availability of macOS Software Upgrades and Updates with a Configuration Profile, the Custom JSON Schema is a good option if:

  • you don't want to deploy the Restrictions payload in Jamf Pro
  • you have an existing configuration profile with Restrictions enabled that you don't want to update and re-deploy


Instructions 

1. In Jamf Pro, navigate to Computers > Configuration Profiles and click New.

2. Fill out the Display Name in the General payload. 

3. Select the Application & Custom Settings payload, click External Applications, and click the +Add button in the upper-right corner.

4. For Source, choose Custom Schema from the dropdown box. In the Preference Domain field paste use the domain: com.apple.applicationaccess

5. Click +Add schema, paste the text below in the Custom Schema box, and click Save.

{
	"title": "com.apple.applicationaccess",
	"description": "",
	"properties": {
        "enforcedSoftwareUpdateMajorOSDeferredInstallDelay": {
            "title": "Enforced Software Update Major OS Deferred Install Delay ",
            "description": "",
            "property_order": 5,
            "anyOf": [
                {"type": "null", "title": "Not Configured"},
                {
                    "title": "Configured",
                    "type": "integer"
                }
            ]
        },
        "forceDelayedMajorSoftwareUpdates": {
            "title": "Force Delayed Major Software Updates ",
            "description": "",
            "property_order": 10,
            "anyOf": [
                {"type": "null", "title": "Not Configured"},
                {
                    "title": "Configured",
                    "type": "boolean"
                }
            ]
        }
	}
}
 

Screenshot 2023-10-13 at 10.27.27.png

6. Additional fields to be completed will populate: 

a. Enforced Software Update Major OS Deferred Install Delay: Use the dropdown to select Configured, and in the additional box that appears set the value (1-90) for the number of days to restrict the update.

b. Force Delayed Major Software Updates: Use the dropdown to select Configured, and set the additional box to True.

Screenshot 2023-10-13 at 10.53.34.png

7. Click Scope and add a test computer or test computer group to ensure the update is blocked.

8. Click Save.

Source : Jamf service now

0 Kudos