Restricted Software Sequoia

JMontey1
New Contributor III

Hey there,

I am currently working to black Sequoia Beta and eventually the Public Release. At the time of this post, Beta 3 is available. I have been trying to find the right process name to use to block the app from installing in "Restricted Software". I've used "Sequoia" *Sequoia "Install macOS Sequoia Beta" "Install macOS Sequoia Beta.app" 

 

Just wanted to share currently the one that works is "macOS Sequoia 15 Beta"

10 REPLIES 10

jamf-42
Valued Contributor II

Block Apple ID login.. and add InstallAssistant process to restricted 

obi-k
Valued Contributor III

May also use a configuration profile to block beta install.

Screenshot_2024-07-12_at_1_54_15 PM.png

AJPinto
Esteemed Contributor

You do this with a Configuration Profile as others have pointed out. There is no point in blocking the install macOS Sequoia.app as Major OS updates are processed as deltas and do not use the install app anymore so blocking it does not do anything. The last time blocking the install app worked was macOS 12. 

Spikemouth
New Contributor II

I just spent a bit of time on this today and confirmed a few things with Jamf. There is no way to actually block macOS Betas through Software Update. You can defer all updates for up to 90 days which will prevent users from being able to install it through Software Update. Using Restricted Software will only restrict it from being installed if the package is downloaded from the web. For instance, if I download the beta from Apple's website, then Restricted Software will prevent the installation.

Here's where @obi-k's idea comes into play. While yes you can use the configuration update to do this, it doesn't do what we want it to do. I've tested this myself and have come up with how this configuration profile actually works by trial and error. So, as long as the user has Beta Updates turned off in Software Update, this configuration profile will hide the Beta Updates field all together which will prevent the user from accessing Beta Updates through Software Update. This does not prevent the user from installing a Beta if they download it from the web. That's where Restricted Software comes into play.

If a user has Beta Updates turned on and the configuration profile is added to their computer, the configuration profile does nothing and does not prevent the user from installing Betas through Software Update. The Beta Updates field remains visible even though the configuration profile is in place. If that same user turns off Beta Updates and refreshes System Settings, then yes, the configuration profile will hide the Beta Updates field.

Hope this helps!

Screenshot 2024-07-12 at 2.12.55 PM.jpgBeta.jpg

Screenshot 2024-07-12 at 3.31.51 PM.png

Also, I didn't know I couldn't edit my reply so thankfully support was able to correct my last image. Thanks!

AJPinto
Esteemed Contributor

Is there still a way to download the install macOS Beta.app? I have not seen anyone attempting to do that in years and just assumed apple killed all methods to get the beta software aside of through software update or the ISPW (which a config profile nor restriction could stop).

jamf-42
Valued Contributor II

Mist... most handy for ISO for VMs.. https://github.com/ninxsoft/Mist 

JMontey1
New Contributor III

Also, I frequent Mrmacintosh.com for installers. 

cucaracha
New Contributor III

I couldn't block the manual install of Sequoia beta per @JMontey1's method. Instead, I used the JAMF recommendation: https://learn.jamf.com/en-US/bundle/technical-paper-deploying-macos-upgrades-current/page/Restrictin....

I think this is the best method because you don't have to chase exact naming especially when it's beta. One thing that I found confusing was it doesn’t block the actual “InstallAssistant”, but it will block any "Install macOS…..” like "Install macOS Sequoia Beta”.

skali
New Contributor

Ignore update for macOS 15 Sequoia for 90 days:

forums.macrumors.com/threads/ignore-sequoia-for-90-days.2436999/    <-copy paste this url on your browser...

this does it for me. (1) open TexEdit, (2) copy paste "Code:", (3) save as delayedupdate.mobileconfig (4) before that I [ ] unticked the box that says If no extension is provided, use".txt" and I left it as Unicode (UTF-8)

save on desktop

then open System Settings, type profiles in the search box

under Install, view or remove configuration profiles, click the + button find the file on desktop named delayedupdate.mobileconfig

click Open then continue. Done.