I am trying to restrict Monterey Installations for the time being using Software Restriction in Jamf.
I have 2 restrictions. 1 for Beta and 1 for release.
When the installer runs I see the process name in Activity Monitor
Install macOS Monterey beta.app
I have this listed in the Restrict Software under Process Name.
But when I run the installer the process does not kill on the machine that is being restricted.
Is something not correct in my Restrict Software setup?
@Fardoomz You can block the GUI for all macOS installers by blocking the process named "InstallAssistant" and specifying "Restrict exact process name". This does not block the `startosinstall` tool however so depending on how persistent your users are you may want to block that process as well.
@Ken_Bailey are you using JAMF Cloud ? We are still JAMF on prem, running JAMF 10.27, and not seeing the same options within Defer updates as you have above. Putting it down to a later release of JAMF which incorporates that granular level of control. More reason for us to upgrade to latest JAMF release I guess, and all the work that involves 😞
@Ken_Bailey I'm struggling to figure out how to set the above so that Monterey is deferred for 90 days but allow things like the Big Sur 11.6.1 update released today.
Would Big Sur 11.6.1 be considered a "minor software update" ?
I'm waiting for the 11.6.1 Big Sur Update to start showing as available here so I can play around with the settings to try and figure it out.
We want to ensure people are still getting any Big Sur updates that Apple releases, but not Monterey.
@johnsz_tu we ended up pushing the configuration profile with just Defer updates of Only major software updates for 90 Days. We have a number of users who have upgraded to 11.6.1. None have been able to update to Monterey yet. So the Big Sur updates should be minor software updates, based on what I am seeing in our environment. The major update should only be a new OS like Big Sur to Monterey.
Its seems like we can add this to the list of broken functions within Jamf relating to software updates. Software update policies have been broken since Big Sur and now the config profiles. I have Only Major software updates deferred for 60 days, and so far I've tested on a device running 11.2.3 > Allows Monterey install. Device running 11.5.2 > shows only 11.6.1 available for install. Device running 11.6 > Shows on latest allowed by organization and no option to install 11.6.1. It looks like the payload is just broken. Have a case open with Jamf and waiting to hear back
@RPA_Sma4 For Catalina - putting aside the config profile inconsistencies- my testing has shown that you CAN still block Monterey using the "softwareupdates --ignore "macOS Monterey". This method is deprecated/no longer works for Big Sur 11.x onwards, BUT if you are fortunate/unfortunate enough to still have mac devices in your fleet running Catalina, this method will work.
no, it doesn't work. I am on catalina 10.15.7 :
sudo softwareupdate --ignore "macOS Monterey"
Software Update can only ignore updates that are eligible for installation.
If the label provided to ignore is not in the above list, it is not eligible
to be ignored.
Ignoring software updates is deprecated.
it would appear that the update is not being presented to the mac device you are using. Perhaps you have deferrals in place. I can confirm 100% that the process I detailed in previous post DOES work IF the update is presented to the device. As already covered, yes the function is deprecated from Big Sur onwards, however does work for Catalina devices. Also - the device needs to be MDM managed. There was another post JN relating to this. Apple mandated this was a requirement in order to use this --ignore functionality.
It has been 98 days since Monterey was released. Is there a way to restrict major software update past the 90 days limit in Config Profile, restrictions, functionality (tab), defer update? I don't mind people downloading and updating it but I rather not have it advertised as the default option when updating.