Posted on 01-18-2022 06:36 AM
I downloaded the macOS installer via Apple's App Store. I tried to install using a policy but the policy-- following the white page found here: https://docs.jamf.com/technical-papers/jamf-pro/deploying-macos-upgrades/9.96/Packaging_and_Deployin... . That has just failed each time I tried to install via policy.
So today, I packaged the installer via composer. Put the pkg into my JAMF distribution point via Admin. Changed the definition of 12.1.0 to the pkg.
When trying to upgrade via Self-Service to test the patch I get Error: Package was not successfully downloaded. 400 on my test machine.
I have read so many other forums here on JAMF Nation about different ways people are installing the upgrade. Brain is kind of soup from all of them. Assistance in installing the latest MacOS would be appreciated. I need to push it to a fleet of 300 + Macs.
Solved! Go to Solution.
Posted on 01-18-2022 07:48 AM
By default, it tries to download the most current version compatible with the hardware that is running the update, so if Monterey compatible, currently it would attempt to download 12.1.
You can set it to try to do a specific version instead of defaulting to newest. That process is further described in the wiki page here:
https://github.com/grahampugh/erase-install/wiki/6.-Upgrading-or-reinstalling-macOS
and here are the Jamf Pro Instructions:
https://github.com/grahampugh/erase-install/wiki/8.-Use-in-Jamf-Pro
I have seen it most typically used as a self service button where users can initiate the upgrade. The user does not need to be an admin, but may be prompted for a password. If the machine upgrading is an Intel Mac, it can update without authentication since Jamf runs as root. However, if on apple silicon, it still can run as a non-admin since jamf is running as root, but the update requires a volume owner to authenticate - this can be a standard user as long as they are a volume owner (typically if they have a secure token). I think the wiki also documents with screenshots regarding the prompts you may see in Apple Silicon on the first link I put in this comment.
Posted on 01-18-2022 07:36 AM
Armin posted a bit about deploying the macOS installer for Big Sur on his blog a while back and the challenges involved with it: https://scriptingosx.com/2020/11/deploying-the-big-sur-installer-application/
Personally, I use his app Download Full Installer to create the installer pkg for me that I upload to Jamf Pro:
https://github.com/scriptingosx/DownloadFullInstaller
Another option though, would be using erase-install by Graham Pugh. (Just the name, you can use it to upgrade and not erase). This script does not require packaging the installer and has the clients download it during the update process:
https://github.com/grahampugh/erase-install
Posted on 01-18-2022 07:42 AM
Yeah I read that article in your first point. Your Download Full Installer is an interesting concept. I haven't heard of that.
For the last option, would I just edit the script to pull the correct Update and push it via Policy? Would it require an admin to be running the install?
Posted on 01-18-2022 07:48 AM
By default, it tries to download the most current version compatible with the hardware that is running the update, so if Monterey compatible, currently it would attempt to download 12.1.
You can set it to try to do a specific version instead of defaulting to newest. That process is further described in the wiki page here:
https://github.com/grahampugh/erase-install/wiki/6.-Upgrading-or-reinstalling-macOS
and here are the Jamf Pro Instructions:
https://github.com/grahampugh/erase-install/wiki/8.-Use-in-Jamf-Pro
I have seen it most typically used as a self service button where users can initiate the upgrade. The user does not need to be an admin, but may be prompted for a password. If the machine upgrading is an Intel Mac, it can update without authentication since Jamf runs as root. However, if on apple silicon, it still can run as a non-admin since jamf is running as root, but the update requires a volume owner to authenticate - this can be a standard user as long as they are a volume owner (typically if they have a secure token). I think the wiki also documents with screenshots regarding the prompts you may see in Apple Silicon on the first link I put in this comment.
Posted on 01-18-2022 07:56 AM
Thank you for breaking it down like that. I have poured over that script and was so unsure based on what I saw others saying.