Ignore Catalina Upgrade Prompt in Software Update

nstrauss
Contributor II

a46b39387e3c42ac86ee1fc7424ef465

Lots of discussion in #catalina on the MacAdmins Slack on how to disable the above prompt. Turns out even though Catalina isn't a traditional software update, it does still exist as a software update catalog entry and can be ignored in the same way. Run this command to ignore on a single machine...

sudo softwareupdate --ignore "macOS Catalina"

The Catalina banner in Software Update should disappear almost immediately. To send that out to your entire fleet with Jamf Pro, create a new policy with Files and Processes. Under execute command add that command. Scope to whichever Macs you don't want to be prompted. Problem solved! Thanks to folks on MacAdmins Slack for working through this.

3e8e48f353404528a248da8e5934c969

To undo what you just did and remove ignored software update entries run...

sudo softwareupdate --reset-ignored

To collect inventory information on what Macs have this ignore software update in place I have an EA. Tested on High Sierra, Mojave, and Catalina. Returns a list of ignored software updates added with the --ignore command. Useful to run advanced searches or smart groups against as needed.

https://github.com/nstrauss/jamf-extension-attributes/blob/master/ignored_softwareupdates.py

54 REPLIES 54

itupshot
Contributor II

Fantastic!

EDIT: The red badge persists even after reboot, but at least the software is not shown in the Pref pane. I also have it as restricted software for good measure.

krispayne
Contributor

The badge persists on System Preferences in the dock. I might need a reboot, and most folks don't have System Preferences in their dock. Just an observation!

nickbtx
New Contributor II

to block it all together you can add the update app to your restricted software section. Its kills the process if they go to the app store and download itc4cfa7879ea346e483a7dd576e5e8916

jtrant
Valued Contributor

I would recommend checking the "Delete application" box, as it's extremely unlikely any Mac admins will go with 10.15.0 as a supported version of Catalina. From experience, this will help with smart group scoping later down the line when a supported version is decided.

schiemsk
New Contributor III

@nstrauss many thanks for that.

I wonder why the restrictions payload "Delay software updates for nn days" had no effect? I applied this configuration profile after a Jamf webinar.
Fortunately, no one in the production saw that Catalina's update was available.

dan-snelson
Valued Contributor II

We've opened a case with AppleCare (100920494740) to communicate our displeasure that Catalina was advertised to our end-users around our software update delay.

jwojda
Valued Contributor II

I had the badge showing on my machine, some googleing brought up

defaults write com.apple.systempreferences AttentionPrefBundleIDs 0
killall Dock

After that the badge disappeared for me. Not sure how much it affects long term, but for now it worked on my machine.

Correction, it disappeared from my dock. but not the actual system preference when I went back and refreshed the system preference window the badge icon came back to the dock. :(

donmontalvo
Esteemed Contributor III

We are letting the dogs loose too...

@dan-snelson wrote:

We've opened a case with AppleCare (100920494740) to communicate our displeasure that Catalina was advertised to our end-users around our software update delay.
--
https://donmontalvo.com

dan-snelson
Valued Contributor II

I knew I liked you, @donmontalvo!

donmontalvo
Esteemed Contributor III

@dan-snelson you missed the shiny Like button. LOL

--
https://donmontalvo.com

atomczynski
Valued Contributor

@schiemsk I think the defer xx days is not working as this is a OS upgrade (jump from 10.14 to 10.15) and not upgrade like 10.14.5 to 10.14.6.

schiemsk
New Contributor III

@atomczynski I suppose too.

However, I wouldn't be easily convinced that a Jamf team member has provide that method by error during a webinar about "Apple OS upgrade : Catalina, IpadOS, iOS 13 & tvOS 13" saying we could delay the availability on macOS.
In that specific context, it was clear we were talking upgrade.

dvsjr
New Contributor II

One quick note, we are a large enough user base and small enough staff to have been dismayed that the work and forethought we put into blocking Catalina for our users was thwarted by the update from Apple. That the community would work and share their helpful suggestions to then find a workaround is very much appreciated by us. The hands on involvement from the macadmin community is still an essential part of macintosh administration.

bmack99
Contributor III

@nstrauss - Forgive my ignorance I haven't worked with Extension Attributes much. I'm trying to play out the implementation of the EA for figuring out how many machines have run this policy. Would you be able to share some more info on how the EA works and how to utilize it for the purposes of identifying machines that have run this policy to ignore the 10.15 upgrade?

AdamCraig
Contributor III

@jwojda

I converted you lines of code into a config profile that takes permanent effect.

https://www.jamf.com/jamf-nation/discussions/32208/adding-macos-catalina-to-the-restriction-list#responseChild191664

nstrauss
Contributor II

@brianmcbride99 No shame in learning. Here's a quick rundown of how to use the EA.

  1. Add a computer extension attribute under Computer Management > Extension Attributes. Make sure the data type is string and input type script. 4a31fdc099af428b81773410cac85afe
  2. Your Mac fleet will start reporting on that extension attribute after an inventory update/recon. 75ff5353baab40dba382361596af1b16
  3. Then create a new advanced search or smart group with the EA as criteria like that value. For example - "Ignored Software Update like macOS Catalina" or "Ignored Software Updates not like Catalina". Either will give you a smart group which can be used to scope a policy. 180addcb973542a4b60bbad74359dc94
  4. If you used the "like" operator then you could exclude all Macs that fall into that smart group from your policy. Opposite way of doing that is to use the "not like" operator and make that smart group the target of your policy. That is to say, every Mac with inventory data where macOS Catalina is not in the ignored software update list is in scope for this policy, and should run it on next trigger. 6657998c0f6d4ae89f67f8778db09d30

I hope that's somewhat helpful!

stphnlee
New Contributor II

This is very helpful!

Hopefully someone can figure out how to also suppress the badge on System Preferences.

04d8d34b3dc74e8284e1f12061cb51db

AdamCraig
Contributor III

@stphnlee

I posted about how to do that in this other thread. https://www.jamf.com/jamf-nation/discussions/32208/adding-macos-catalina-to-the-restriction-list#responseChild191664

dgreening
Valued Contributor II

For those of you seeing the Catalina 10.15.1 upgrader re-appear even after ignoring the "macOS Catalina" update, I would suggest re-running the ignore command on your 10.14.x Macs.

kevin_v
Contributor

Any fixes for when "sudo softwareupdate --reset-ignored" doesn't actually reset the ignored list?

Gascolator
New Contributor III

After the 10.14.6 update, this prompt is again showing up for my users. I did a little digging today and saw this in terminal:
d8a83f7cfd6a4b539ea6a7da5354dd4c

IT-Chris
New Contributor III

Ignoring software updates is deprecated.
The ability to ignore individual updates will be removed in a future release of macOS.

Looks like apple is going to force the update now.I have lot of MacOS Users with DVD players that Catalina basically kills the machine with slowness.. Thanks Apple

jtrant
Valued Contributor

Adding a restricted software record will take care of forced upgrade. I'm seeing reports from users that they are being prompted again, despite a monthly scheduled policy to hide the update. I've now made it weekly.

erichughes
Contributor II

Its always nice to see people/computers popping up in your Catalina OS Smart Groups who shouldn't be. Does the command -sudo softwareupdate --ignore "macOS Catalina" still work just needs to be re-run? I have that policy in place already and can flush the caches so it runs, just don't want to bother if it doesn't do the trick.

jtrant
Valued Contributor

I'm testing that right now, but it doesn't seem to hide the macOS Catalina update after 2020-003 for Mojave is installed.

Resetting ignored updates and running softwareupdate --list reports "No new software available" so there is no longer an 'update' for Catalina we can hide.

I have raised this with our AAM and enterprise support, and suggest others do the same.

Some good reading here, although it won't help us now: https://mrmacintosh.com/10-15-5-2020-003-updates-changes-to-softwareupdate-ignore/

carlo_anselmi
Contributor III

@jtrant I think unfortunately that's the expected behaviour from now on (that is after 2020-003 for Mojave is installed)

jtrant
Valued Contributor

@carlo.anselmi yes, but it's not supposed to be an issue until macOS 10.16. Dropping the same change in behavior into Mojave (and High Sierra) with zero notice is not cool.

Jason33
Contributor III

I've already had our Service Desk send me 5 emails from users asking if they can now upgrade.

elsmith
Contributor

We are seeing this as well. We also have a policy to restrict the install, but that is not working, either - we have had at least six successful attempts to install even with "Install macOS Catalina.app" in Restricted Software. Is anyone else seeing that issue?

jtrant
Valued Contributor

@elsmith have you considered running 'jamf manage' on your clients using a Policy with the "Files & Processes" payload? The old blacklist.xml file is gone and I'm not sure if there is a way to ensure devices have the correct Restricted Software records, but the above should at least get the list updated on your clients.

I have not seen any erroneous upgrades to Catalina, but I am concerned that Restricted Software is now the only thing stopping them. Users can also get crafty and rename the installer, bypassing the restriction.

elsmith
Contributor

@jtrant I'm not sure what you mean - how would I do that? (the policy with the "files & processes" payload)

guidotti
Contributor II

@elsmith you would just insert a jamf manage in that payload to hopefully update their restricted software list, they are saying.

jtrant
Valued Contributor

@elsmith, @guidotti - precisely.

elsmith
Contributor

@guidotti @jtrant gotcha!! LOL Thank you!

Jason33
Contributor III

I just deployed the 10.15.5 update to a test machine, and it renamed the Computer Name to MacBook Pro. Anyone else seeing this happen on any machines?

erichughes
Contributor II

We have not seen that but all of ours that have updated have been user installs from System Preferences / Software Update.

endor-moon
Contributor II
Ignoring software updates is deprecated. The ability to ignore individual updates will be removed in a future release of macOS.

I find it highly objectionable that Apple is twisting our users' arms here at least once per day to upgrade to Catalina, which breaks a number of software packages and printer drivers and is still, IMHO, not as stable as High Sierra and Mojave. Next they'll be allowing users to update without an admin password. At one point, this "ignore" thing would make Catalina disappear from the Software Update preference pane. Now it is there all the time.

sintichn
New Contributor III

@Jason33 Yes, was just testing a brand new 10.15 2020 macbook pro and this happened to me as well upon the first update. Then I found this... https://mrmacintosh.com/10-15-4-supplemental-update-resets-computername-hostname-to-default/ Seems to be an Apple issue that was not fixed in the latest update.

jtrant
Valued Contributor

The ability to ignore updates has not yet been removed, but Catalina is no longer considered an update (nor does it appear in the SWU catalog) so there is no way to ignore it at this point.