Jamf Nation Community

As far as I know, this is not possible simply do to the fact that Apple requires a user on the other end of the OS upgrade in order for it to complete. Any other method will always require someone to login to finish the upgrade.

@Hugonaut , the --NOINTERACTION flag will allow the upgrade to kick off automaticlly but a user will still have to log in once the upgrade gets to a certain point to complete the upgrade. Apple will always require a human to complete it.

@nelsoni if you wanna get technical for full automation you could always deploy a launchdaemon and an applescript or shell script containing osascript commands, have the launchdaemon call on the deployed script that tells system events to keystroke a username and password once it gets to the login window. Granted gui scripting a possible administrative user name and password is certainly not secure nor best practice it could fully automate the process to allow the last part of the upgrade complete. (could deploy a temporary account with jamf and have jamf remove it post upgrade)

That is a valid point. Just wanted to point out that by default neither a full os reninstall or an upgrade can achieve full zero-touch automation through supported flags.

for managed devices they should absolutely include a flag for full automation, my initial thought was that raphy was looking for the no interaction flag, you got me thinking

Couldn't agree with you more, but given how apple has handled KEXT approvals and then PPPC and now screen recording, it has become incresingly clear that apple wants a living breathing human involved in nearly every facist of Mac management when it comes to their flavor of "Automation"

I'm not 100% sure but I think Apple definition of "Automation" stops when security is involved.

C

I have used macOS Upgrade from one of Jamf's engineers to perform unattended upgrades to fleets of Macs, first from Sierra to High Sierra, then from High Sierra to Mojave. Looks like it finally got a minor update for Catalina compatibility. It's never required an end-user to log in. I mean, the first time a user logs in, post-upgrade, it may display "installing" but that process is only once, for a few seconds. 99% of the actual installation is automated.

I'd also recommend the "Recon after OS update" LaunchDaemon from @bpavlov at this link, to make sure your host gets any OS-specific MDM profiles pushed as soon as possible (i.e. before the default "once a day"). Since one can't pre-deploy MDM profiles (i.e. notifications on 10.15, TCC on 10.14 and 10.15, et. al.)

I am not denying that this works for some people. I just have yet to see any upgrade method other then doing the apple way where i dont get an additional 13 minute install after login from an upgrade.

@nelsoni I'm not denying that my users may get a dialog like that, at least once. I've never seen it take 13 minutes, though, or happen more than once. And, the actual OS is updated, so... it's unclear to me what post-upgrade stuff is actually happening. Then again, most of my systems have generally been single-user, rather than multiple user...

I've only experienced these 3 scenarios:

1- once initiated via Self Service, the computer restarts as expected, does a couple of restarts then hangs on a black screen for awhile. once you hit the spacebar (or any key), the machine wakes up and continues the process.

2 - is that in the middle of an upgrade, it takes the user to the login screen to enter credentials sometimes twice when the Catalina background shows up. once entered, the machine goes back to the update screen (about x minutes remaining... )

3 - Apples official upgrade, but you still have to accept the license and click through the prompts etc..

How can I do this for Big Sur?