truly automated script or workflow for OS upgrade?

raphhyyy
New Contributor III

is there a true, automated OS upgrade script or workflow for end users to upgrade their machine? I know if you do direct from Apple, it works after accepting agreements etc..

Is there one known outside of that?
i know of the macosupgrade.sh, along with trying deploying the Catalina.pkg to the machine, and initiating the upgrade with: '/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps

but both of those still have to have some sort of user interaction for it to go through.

13 REPLIES 13

Hugonaut
Valued Contributor II

d2a625a0163a4f3d8755b2450cf5c786

# Start Upgrade for Catalina
/Applications/Install macOS Catalina.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

nelsoni
Contributor III

As far as I know, this is not possible simply do to the fact that Apple requires a user on the other end of the OS upgrade in order for it to complete. Any other method will always require someone to login to finish the upgrade.

nelsoni
Contributor III

@Hugonaut , the --NOINTERACTION flag will allow the upgrade to kick off automaticlly but a user will still have to log in once the upgrade gets to a certain point to complete the upgrade. Apple will always require a human to complete it.

Hugonaut
Valued Contributor II

@nelsoni if you wanna get technical for full automation you could always deploy a launchdaemon and an applescript or shell script containing osascript commands, have the launchdaemon call on the deployed script that tells system events to keystroke a username and password once it gets to the login window. Granted gui scripting a possible administrative user name and password is certainly not secure nor best practice it could fully automate the process to allow the last part of the upgrade complete. (could deploy a temporary account with jamf and have jamf remove it post upgrade)

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

nelsoni
Contributor III

That is a valid point. Just wanted to point out that by default neither a full os reninstall or an upgrade can achieve full zero-touch automation through supported flags.

Hugonaut
Valued Contributor II

for managed devices they should absolutely include a flag for full automation, my initial thought was that raphy was looking for the no interaction flag, you got me thinking

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

nelsoni
Contributor III

Couldn't agree with you more, but given how apple has handled KEXT approvals and then PPPC and now screen recording, it has become incresingly clear that apple wants a living breathing human involved in nearly every facist of Mac management when it comes to their flavor of "Automation"

gachowski
Valued Contributor II

I'm not 100% sure but I think Apple definition of "Automation" stops when security is involved.

C

RobertHammen
Valued Contributor II

I have used macOS Upgrade from one of Jamf's engineers to perform unattended upgrades to fleets of Macs, first from Sierra to High Sierra, then from High Sierra to Mojave. Looks like it finally got a minor update for Catalina compatibility. It's never required an end-user to log in. I mean, the first time a user logs in, post-upgrade, it may display "installing" but that process is only once, for a few seconds. 99% of the actual installation is automated.

I'd also recommend the "Recon after OS update" LaunchDaemon from @bpavlov at this link, to make sure your host gets any OS-specific MDM profiles pushed as soon as possible (i.e. before the default "once a day"). Since one can't pre-deploy MDM profiles (i.e. notifications on 10.15, TCC on 10.14 and 10.15, et. al.)

nelsoni
Contributor III

I am not denying that this works for some people. I just have yet to see any upgrade method other then doing the apple way where i dont get an additional 13 minute install after login from an upgrade.

RobertHammen
Valued Contributor II

@nelsoni I'm not denying that my users may get a dialog like that, at least once. I've never seen it take 13 minutes, though, or happen more than once. And, the actual OS is updated, so... it's unclear to me what post-upgrade stuff is actually happening. Then again, most of my systems have generally been single-user, rather than multiple user...

raphhyyy
New Contributor III

I've only experienced these 3 scenarios:

1- once initiated via Self Service, the computer restarts as expected, does a couple of restarts then hangs on a black screen for awhile. once you hit the spacebar (or any key), the machine wakes up and continues the process.

2 - is that in the middle of an upgrade, it takes the user to the login screen to enter credentials sometimes twice when the Catalina background shows up. once entered, the machine goes back to the update screen (about x minutes remaining... )

3 - Apples official upgrade, but you still have to accept the license and click through the prompts etc..

valentin_peralt
New Contributor III

How can I do this for Big Sur?