anyone try to install in a VM yet?
@davidi4 In a VM? Doesn't everyone just install Beta 1 on all their devices first day?
Go big or go home. 
Does anyone know what the application name is to block, as we don't want our devs to install Big Sur just yet.
@amorrisuk the Downloaded 'Enrollment' application to install the Dev Beta profile is
macOSDeveloperBetaAcessUtility.pkg
The installer for the Beta is
Install macOS Beta.app
From what I read online, I guess an easy initial restriction is to block the upgrade package for macOS Catalina 10.15.6 beta named "macOSDeveloperBetaAccessUtility.pkg", one needs the beta to get the upgrade to Big Sur 10.16. At that point, you can just restrict "Install macOS Beta.app"
Just tried a DEP build on my DEV instance, doesn't look like Jamf installed the binary at all. Had to use a quickadd PKG for it to enroll into Jamf
Jamf 10.22 also does not recognise the Disk Encryption State of a device.
The catch all way to block macOS installers has been to restrict the process InstallAssistant
(courtesy of @mm2270), which is the GUI for the installer. Somebody should verify that with the Big Sur beta installer though.
If your users have admin rights you may also want to restrict startosinstall
. The benefit of not doing that is you can call it from a policy without having to remove the software restriction, and Jamf Pro still seems to have a problem doing that in a timely/reliable manner.
@sdagley I just tried it on a Jamf'd VM with that InstallAssistant restricted and it still allowed the installer to go through..
Thanks for the update @jwojda. That is unfortunate as that process block has lasted me through the past 3 versions of macOS.
@txhaflaire : You ... did get the notice about Jamf 10.22, right?
@jwojda : I restricted in Jamf by "Install macOS Beta.app" and unchecked the "exact process name" box. Jamf was able to catch / kill the following attempts:
- Launching
Install macOS Beta.app
via Finder
- Running
Resources/startosinstall
via Terminal
- Running
Contents/MacOS/InstallAssistant
via Terminal
@bradtchapman hmm, not sure why it wasn't working for me. maybe because I was on a VM? but I had full connectivity, and ran jamf manage prior to my testing to ensure I had the current restrictions.
I'll keep messing with it.
I had no luck using the JAMF QuickAdd.pkg ... it failed to install (but jamf binary was there so I guess part of it worked). Also in the logs there were references to the Jamf stuff saying:-
"(com.jamfsoftware.jamf.agent): This service is defined to be constantly running is inherently inefficient."
@bradtchapman Yes i did get the notification, but we are an EU cloud customer so we did get upgraded automatically and mitigations should have been take care off.
@eaititig : first of all, enrollment is hella broken in Big Sur. Jamf knows this and they're working on it.
Also, QuickAdd is deprecated and should not be used anymore. Jamf stopped using it by default after March 2018, when MacOS 10.13.2 started requiring "User Approved MDM." The package itself installs the jamf binary and then triggers jamf mdm
, which uses the 'sideload' technique of installing the profile. This is 100% unsupported in Big Sur, and was also called out in the release notes as well as mentioned in the "What's New for Managing Apple Devices" presentation released today.
If your Jamf server is still issuing QuickAdd packages, you should call support and ask them for help removing the "custom JSS knobs" from your database. These tweaks are forcing Jamf to artificially offer QuickAdd packages beyond the normal supported OS version.
If anyone needs to convert the .app installer to a bootable .dmg for use in VMWare Fusion before they have official support ("early July"), here's a quick script I put together today and hosted in Self Service for our testing group:
#!/bin/bash
####################
# Notes #
####################
#
# Created 20200625 by Nathan Worster
#
# This script assumes that the macOS Beta installer is already staged in the Applications folder, and will convert that .app installer into a bootable .dmg.
# To download the latest macOS beta, go to https://developer.apple.com/download/ or, if applicable, https://appleseed.apple.com/.
# The .dmg file will be placed in ~/Downloads.
# This script must be run with sudo using "sudo bash <filename>" if run outside of an MDM.
#
####################
# Variables #
####################
dmgName=$"macOS11BigSurBeta"
####################
# Script #
####################
cd ~/Downloads
# Create and mount sparse volume:
hdiutil create -o install_container -size 20G -layout SPUD -fs HFS+J -type SPARSE
hdiutil attach install_container.sparseimage -noverify -mountpoint /Volumes/install_build
# Copy contents of installer .app into mounted volume:
/Applications/Install macOS Beta.app/Contents/Resources/createinstallmedia --nointeraction --volume /Volumes/install_build
# Detach the completed image:
hdiutil detach -force /Volumes/Install macOS Beta
# Convert and rename the image:
hdiutil convert install_container.sparseimage -format UDZO -o $dmgName.dmg
# Cleanup
rm install_container.sparseimage
exit 0
FYI Big Sur still showing up as 10.16 when using smart groups NOT 11.0 as it's meant to! Sure JAMF know about this but that was 30 minutes of my life I won't get back figuring it out!
I've got Beta 2 running in a VM (thanks @ncworster !) but any attempts to go to the user-initiated enrollment page result in a configuration profile being downloaded (with the icon of a generic text file) and launching that profile automatically kicks me back to the login window and from that point forward, a few seconds after logging in, I'm kicked back out again. Had same issue with Beta 1. It sounds like some folks have gotten Big Sur machines enrolled--how did you do it? Not particularly upset about it by any means...the fact it even boots this early in the beta process is still impressive enough to me.
@mpout we were on an Apple call yesterday, asked them why sw_vers
shows 10.16, their response was they'll be fixing that soon.
Did some testing with Beta 3 today. I'm still having issues with the Jamf binary installing via user initiated enrollment (MDM Profile). It does seem to work if I request a quick package with the UIE link.
About this mac is now show as Version 11.0 Beta.
Seeing issues with Symantec apps. (ie SEP & WSS)
Still having issues escrowing FV2 key.
The Public version of Big Sur just got released today. Does anyone know if the application to restrict is Install macOS 11.0 Beta.app or is it still Install macOS 10.16 Beta.app but only says 11.0 in the System Preferences? Can anyone confirm?