macOS Updates and Resetting Jamf Connect Login Window

mdls
New Contributor II

Here is how I check for macOS updates, install the most recent one available, and reset the Jamf Connect login window.

- Requires a local admin username, PID and password.

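Create a Script in Jamf Pro.

#!/bin/zsh -i
# Load zsh's version comparison helper; a plain string comparison with > misorders versions such as 9 and 10.
autoload -Uz is-at-least

# Installed macOS version.
vers=$(sw_vers -productVersion)
# The third line of the list is the most recent installer; split it into one field per line.
install=$(softwareupdate --list-full-installer | sed -n '3p' | tr : '\n' | tr , '\n')
name=$(echo "$install" | sed -n '2p' | sed -e 's/^[[:space:]]*//')
number=$(echo "$install" | sed -n '4p' | sed -e 's/^[[:space:]]*//')

# Remove any installer app already in /Applications.
if ls /Applications/Install\ macOS* 1> /dev/null 2>&1 ; then
	rm -rf /Applications/Install\ macOS*
fi

# Continue only if a version was parsed and it is higher than the installed one.
if [[ -n "$number" ]] && ! is-at-least "$number" "$vers" ; then
	echo "Installer available $name $number."
	launchctl asuser <ADMINPID> sudo -u <ADMINUSERNAME> softwareupdate --fetch-full-installer --full-installer-version "$number"
	if [[ -d "/Applications/Install $name.app" ]]; then
		echo <ADMINPASSWORD> | "/Applications/Install $name.app/Contents/Resources/startosinstall" --agreetolicense --forcequitapps --nointeraction --user <ADMINUSERNAME> --stdinpass
	fi
fi
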

  • Checks/removes current installer app.
  • Gets current macOS version number.
  • Check for available macOS versions.
  • Parses the available macOS versions list to get the name and number of the most recent macOS.
  • Checks if available macOS version is higher than installed version.
  • Downloads the available macOS.
  • Installs an in-place macOS upgrade as an admin user interactively.
  • Reboots after upgrade is complete.

Copy reset.jamf.connect.plist to /Library/LaunchDaemons

sudo launchctl load /Library/LaunchDaemons/reset.jamf.connect.plist


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>reset.jamf.connect</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/zsh</string>
		<string>/Library/Scripts/Register User/reset.jamf.connect.sh</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>UserName</key>
	<string>root</string>
</dict>
</plist>

Copy reset.jamf.connect.sh to /Library/Scripts/Register User/reset.jamf.connect.sh

# Reset the login window only when authchanger does not report the Jamf Connect mechanism.
if ! (/usr/local/bin/authchanger -print) | grep -q "JamfConnectLogin:Success"; then
	/usr/local/bin/authchanger -reset -JamfConnect
	killall loginwindow
fi

Make sure to change file permissions on these files and make the sh file executable (chmod +x reset.jamf.connect.sh)

  • system : owner:read:write
  • everyone: read only
  • wheel: read only

I made a PKG that will install these files on client computers and launchctl load /Library/LaunchDaemons/reset.jamf.connect.plist.

Created a policy to run macOS Update Check script once a week on all computers.

Any time the computer is rebooted, the LaunchDaemon runs reset.jamf.connect.plist, which runs the script to check if the Jamf Connect loginwindow is set as the default.

  • If it's default, the script exits.
  • If it's NOT default, the script runs
    • authchanger -reset -JamfConnect
    • killall loginwindow
  • The loginwindow dies for about 25 seconds and restarts.
  • When it restarts, it will show the Jamf Connect loginwindow.
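
The LaunchDaemon above runs its script as root at every boot, so the permissions step is what keeps a standard user from changing what runs as root. The check below is an added example, not part of the original post: the function names and the `audit.sh` file name are hypothetical, and it assumes POSIX `sh` with `find`.

```shell
#!/bin/sh
# Added example: audit the files a root LaunchDaemon depends on.
# Usage on a client (paths are the ones from the post):
#   sudo sh audit.sh /Library/LaunchDaemons/reset.jamf.connect.plist \
#       "/Library/Scripts/Register User/reset.jamf.connect.sh"

# check_root_only TARGET [OWNER]: succeed only if TARGET exists, is not a
# symlink, is owned by OWNER (default root) and is not group/other writable.
check_root_only() {
    target=$1
    owner=${2:-root}
    if [ -L "$target" ]; then
        echo "FAIL symlink: $target"; return 1
    fi
    if [ ! -e "$target" ]; then
        echo "FAIL missing: $target"; return 1
    fi
    # -prune makes find test only TARGET itself, without descending.
    if [ -z "$(find "$target" -prune -user "$owner")" ]; then
        echo "FAIL not owned by $owner: $target"; return 1
    fi
    if [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL group/other writable: $target"; return 1
    fi
    echo "OK   $target"
}

# audit_daemon PLIST SCRIPT [OWNER]: check the plist, the script it runs and
# the script's directory (a writable directory lets the script be replaced).
audit_daemon() {
    rc=0
    for item in "$1" "$2" "$(dirname "$2")"; do
        check_root_only "$item" "${3:-root}" || rc=1
    done
    return "$rc"
}

# Run the audit only when paths are passed on the command line.
[ "$#" -eq 0 ] || audit_daemon "$@"
```

A non-zero exit status means at least one of the three paths failed a check, which makes the script usable as a compliance check in a management policy.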

 

1 REPLY 1

The procedure I wrote is for deploying from Jamf to client computers and is a zero-touch method.

I’m not going to physically touch 200+ Macs just to update them!