Jamf Nation Community

Here is how I check for macOS updates, install the recent available and reset Jamf Connect login window.

- Requires a local admin username, PID and password.

Create a Script in Jamf Pro.

#!/bin/zsh -i
vers=$(sw_vers -productversion)
install=$(softwareupdate --list-full-installer | sed -n '3p' | tr : '\n' | tr , '\n')
name=$(echo "$install" | sed -n '2p' | sed -e 's/^[ \t]*//')
number=$(echo "$install" | sed -n '4p' | sed -e 's/^[ \t]*//')

if ls /Applications/Install\ macOS* 1> /dev/null 2>&1 ; then
	rm -rf /Applications/Install\ macOS*
fi

if [[ "$number" > "$vers" ]] ; then
	echo "Installer available $name $number."
	launchctl asuser <ADMINPID> sudo -u <ADMINUSERNAME> softwareupdate --fetch-full-installer --full-installer-version $number
		if [[ -d "/Applications/Install $name.app" ]]; then
			echo <ADMINPASSWORD> | "/Applications/Install $name.app/Contents/Resources/startosinstall" --agreetolicense --forcequitapps --nointeraction --user <ADMINUSERNAME> --stdinpass
fi

• Checks/removes current installer app.
• Gets current macOS version number.
• Check for available macOS versions.
• Parses the available macOS versions list to get the name and number of the most recent macOS.
• Checks if available macOS version is higher than installed version.
• Downloads the available macOS.
• Installs an in-place macOS upgrade as an admin user interactively.
• Reboots after upgrade is complete.

reset.jamf.connect.plist copy to /Library/LaunchDaemons

sudo launchctl load /Library/LaunchDaemons/reseet.jamf.connect.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>reset.jamf.connect</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/zsh</string>
		<string>/Library/Scripts/Register User/reset.jamf.connect.sh</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>UserName</key>
	<string>root</string>
</dict>
</plist>

reset.jamf.connect.sh copy to /Library/Scripts/Register User/reset.jamf.connect.sh

if ! (/usr/local/bin/authchanger -print) | grep -q "JamfConnectLogin:Success"; then
        /usr/local/bin/authchanger -reset -JamfConnect
	killall loginwindow
fi

Make sure to change file permissions on these files and make the sh file executable (chmod x+ reset.jamf.connect.sh)

• system : owner:read:write
• everyone: read only
• wheel: read only

I made a PKG that will install these files on client computers and launchctl /Library/LaunchDaemons/reset.jamf.connect.plist.

Created a policy to run macOS Update Check script once a week on all computers.

Any time when the computer is rebooted, LaunchDaemon run reset.jamf.connect.plist which runs the script to check if Jamf Connect loginwindow is set as the default.

• If it's default, the script exits.
• If it's NOT default, the script run
  • authchanger -reset -JamfConnect
  • killall loginwindow
• The loginwindow dies for about 25 seconds and restarts.
• When it restarts, it will show the Jamf Connect loginwindow.