Posted on 03-23-2023 10:30 AM
Hi All,
Apologies here I am new to JAMF Pro so forgive me if I have missed something obvious:
I have followed this guide here:
https://trainingcatalog.jamf.com/update-macos-1/372407
This is about doing a mass update of the OS. I have followed all the guides and document under Remote Commands - Update OS version and built in apps - Target version - latest version based on device eligibility - download and install the update, and restart computers after installation.
Is this not supposed to then update the computer automatically? Without the users interaction?
Looked into this as well and followed this but still nothing.
https://resources.jamf.com/documents/technical-papers/Deploying-macOS-Upgrades-with-Jamf-Pro.pdf
Thanks
03-23-2023 10:43 AM - edited 03-23-2023 10:50 AM
What are the MDM responses your devices are giving? Have you checked the install.log on any of the Macs to see what it may be reporting?
On a side note, JAMF really needs to update that training video. That is 5 years out of date now. Any information for using the softwareupdate binary, or any policies for OS updates is no longer relevant. The SoftwareUpdate Binary wont work on Apple Silicon Macs, you also cant use custom OS update servers anymore.
I prefer to specify the update I want devices to install.
If you need or want to use the update to Latest version based on device eligibility make sure to check the box Include major updates, if available.
Posted on 03-23-2023 01:01 PM
I've just recently went down a Rabbit Hole on this very issue. If your on M1 computers and they haven't had the MDM boot strap escrowed to them, the MDM command to silently install updates flat out won't work.
You can check a machines bootstrap token status with the following command:
sudo profiles status -type bootstraptoken
To fix this going forward, I have my very first policy that runs at enrollment create a new local admin account, delete the admin account that was created by the pre-stage enrollment, and then run a script to escrow the bootstrap token. For better or worse, this assures that every account that logs into the machine gets the secure token on login (hopefully this doesn't bite me in the ass later). I am not finding an easy way to fix the 500 or so m1 machines in my org that don't have a boot strap token because I'm not sure who has the secure token unless I research on a case-by-case basis.
I'm still pretty new to this whole thing (9 months) and I am the most senior level JAMF person in my org because everyone else got fired or quit.
Posted on 03-23-2023 01:12 PM
Welcome to the world of raging at macOS Updates. Oh did I say raging at, I meant to say managing.
Posted on 03-23-2023 01:18 PM
hahah yes! It doesn't help that my predecessors used the JAMF management account for everything, which apparently really messes with how Boot Strap Tokens and Secure Tokens are assigned.
Sometimes Mac computers make me the saddest boy...
Posted on 03-29-2023 09:14 AM
If you are new to mas macOS updates my recommendation is to use the following tools:
Nudge, Erase Install, and Jamf Pro.
Nudge Post-install https://github.com/dan-snelson/Nudge-Post-install/wiki
Erase-install https://github.com/grahampugh/erase-install/wiki/6.-Use-in-Jamf-Pro
This is a link to a film that shows how I have automated this process using the tools above.
The mass action update workflow is not reliable IMO. The workflow above is.
Hope that helps.