Posted on 10-25-2021 07:50 PM
Hi all,
Referring to this macOS installer script.
macOSUpgrade/macOSUpgrade.sh at master · kc9wwh/macOSUpgrade · GitHub
This script works fine for Intel Macbook upgrading to macOS Monterey 12.0.1.
But it does not work with Apple Silicon Macbook 😞
When attempting, I get the following error:
Investigating further, I run the following in a M1 Mabook's terminal.
/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
Error: A method of password entry is required.
Usage: startosinstall
.....
The error suggests I need to supply admin username and password via
--user, an admin user to authorize installation.
--passprompt, collect a password for authorization with an interactive prompt.
--stdinpass, collect a password from stdin without interaction.
I want JAMF to execute this. I DO NOT want to need to supply admin account and password.
Anyone got any suggestions?
Solved! Go to Solution.
Posted on 11-04-2021 12:22 AM
Hi there,
I managed to get the upgrade to Monterey running on an M1 macbook via Self Service with the help of a script from https://github.com/therealmacjeezy/Scripts/tree/master/macOS%2010.14%20Update%20Script, it was originally created for upgrading to Mojave but I made some adaptations to get it running for Monterey.
You will need to create the installer package and have it within the self service policy, the install macOS Monterey.app has to be available for the script to work. Got it here: https://scriptingosx.com/2021/10/download-full-installer-update/
Most important - the logged in user has to have a secure token. This user does not necessarily have to be an admin.
this is the main key that triggers upgrade.
echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
Posted on 11-09-2021 01:19 PM
Actually I wasn't patient enough. Works like a charm!
11-10-2021 10:41 AM - edited 06-29-2022 11:22 AM
Latest version working on both M1 and Intel macs
#!/bin/bash
# Pulls the current logged in user and their UID
currUser=$(ls -l /dev/console | awk '{print $3}')
currUserUID=$(id -u "$currUser")
fvPass=$(
# Prompts the user to input their FileVault password using Applescript. This password is used for a SecureToken into the startosinstall.
/bin/launchctl asuser "$currUserUID" sudo -iu "$currUser" /usr/bin/osascript <<APPLESCRIPT
set validatedPass to false
repeat while (validatedPass = false)
-- Prompt the user to enter their filevault password
display dialog "Enter your macOS password to start the macOS upgrade" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" buttons {"Continue"} default button "Continue" with text and hidden answer
set fvPass to (text returned of result)
display dialog "Re-enter your macOS password to verify it was entered correctly" buttons {"Continue"} with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns" default answer "" default button "Continue" with text and hidden answer
if text returned of result is equal to fvPass then
set validatedPass to true
fvPass
else
display dialog "The passwords you have entered do not match. Please enter matching passwords." with title "FileVault Password Validation Failed" buttons {"Re-Enter Password"} default button "Re-Enter Password" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:FileVaultIcon.icns"
end if
end repeat
AppleScript
)
##Heading to be used for jamfHelper
heading="Please wait as we prepare your computer for macOS Monterey..."
##Title to be used for jamfHelper
description="
This process will take approximately 20-30 minutes.
Once completed your computer will reboot and begin the upgrade which can take an additional 15-20 minutes."
##Icon to be used for jamfHelper
icon=/Applications/Install\ macOS\ Monterey.app/Contents/Resources/InstallAssistant.icns
##Launch jamfHelper
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
jamfHelperPID=$!
##Start macOS Upgrade
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
exit 0
edited to include the fix from @benjmars
Posted on 07-27-2022 02:06 PM
Might be a dumb question but will this script work on end-users accounts that are standard and not admin. But the account is listed in fdsetup.
Thank you for the work.
Posted on 07-28-2022 06:08 AM
this should work on standard or admin accounts.
07-28-2022 07:07 AM - edited 07-28-2022 07:07 AM
Thank you.
I am having other issues and posted another question on the topic.
Do not see a restart happen after the download of the install.app and after putting in my test credentials. Account is standard, in fdesetup. Just weird the process hangs at the full-screen helper prompt.
Posted on 07-28-2022 07:37 AM
what do the policy logs say?
07-28-2022 07:48 AM - edited 07-28-2022 07:51 AM
not all that much. the install downloads, then I am prompted for passwords, then the full screen then nothing. I am adding just a few of my own informational helper prompts but those happen before the download. I am also adding a deferment of 1 day. We need to give our end user a little time.
07-28-2022 08:01 AM - edited 07-28-2022 08:02 AM
what do the logs look like when you run the script the way it is without your changes? Also I have the download of the installer as a separate deployment. using the software update terminal command.
Posted on 07-28-2022 08:04 AM
I can take a look and run again but adding prompts should not hurt. In fact, this worked before. But maybe the deferment is causing the issues.
07-28-2022 07:55 AM - edited 07-28-2022 07:59 AM
Here is the policy log from the script portion that is kicked off by the trigger:
Executing Policy (New) Upgrade macOS Monterey Silicon |
Running script M1 and Intel Upgrade to macOS Monterey... |
Script exit code: 0 |
Script result: |
Running Recon... |
Retrieving inventory preferences from https://12345.jamfcloud.com/... |
Locating software updates... |
Searching path: /System/Applications |
Locating plugins... |
Locating accounts... |
Locating package receipts... |
Gathering application usage information from the JamfDaemon... |
Locating printers... |
Searching path: /Library/Application Support |
Searching path: /Applications |
Locating hardware information (macOS 11.6.7)... |
It is running now.
Posted on 07-28-2022 02:46 PM
We have tested this script using a self-service policy. The test MacBook is on macOS Big Sur and we have tried using the 12.4 and 12.5 macOS Monterey installer. The account is a standard account with securetoken and FileVault enabled.
The policy runs but we get stuck on the waiting screen. After checking the logs, we keep getting this error "Error: could not get authorization ...." Any insight or ideas to fix this error?
Posted on 09-01-2022 03:22 PM
This is *not* working for me to update M1 Macs already on Monterey up to 12.5.1. For users *confirmed* to have SecureToken, and with a meticulously correctly typed password, the startosinstall.log *still* shows "Error: could not get authorization…" Hope someone has some insight; management urgently wants all these systems patched.
Posted on 09-21-2022 07:29 AM
This solution has been working so beautifully on my Intel and M1 machines, thank you!! Is it possible to add a conditional statement in the beginning that double checks that the installer is downloaded before proceeding and then prompt the user to contact IT for support? I tried playing with it, but my scripting isn't that good yet.
Posted on 09-21-2022 08:06 AM
Posted on 09-21-2022 08:08 AM
Sorry that posted in the wrong place - was meant as a separate question for me.
Posted on 01-29-2022 09:41 AM
Thanks for this, man! It worked very well, but I'm puzzled by something though: the Self Service policy triggering the upgrade is not showing up in the Policy logs, so I cannot see which devices have been used it so far. Any ideas? Attaching the screenshots with 1 M1 device that I've tested with and the logs in Jamf for the Self Service policy...
Posted on 01-31-2022 07:46 AM
replace the last line with
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass --pidtosignal $jamfHelperPID >> /var/log/startosinstall.log 2>&1 &
Posted on 01-31-2022 09:13 AM
Yep! It worked now! :)
Thanks again @AtillaTheC ! ;)
Posted on 02-28-2022 01:32 PM
This is awesome. Thank you. Any way to add a progress bar to this or know where it is in the process?
Posted on 03-30-2022 05:59 AM
You would need to use something like DEP notify for a feature like that.
Posted on 11-04-2021 09:36 AM
If I could give more kudos to you two, I would. Thank you!
Posted on 11-04-2021 07:20 PM
Thanks @oit-jamf
Your line
echo $fvPass | ./startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
really does work!
Now user is prompted for the their password, and it does proceed to start macOS Monterey installation.
Thanks a million.
Now the real in-house testing of Monterey upgrade begins. Good luck to all Mac Admins.
Posted on 11-24-2021 08:42 AM
Both the M1 and intel version work great for us- and launches into the installer very quickly.
But of course it doesn't work for Big Sur. Auto launching the Big Sur installer continues to be a nightmare.
11-29-2021 01:07 PM - edited 11-29-2021 01:22 PM
This is my working execute command for intel: /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps
My question is for the M1, how would I edit this command that works on intel to work for M1?
Would it be just like this below? or do I replace "$fvPass" with our local admin pw that is filevaulted on our macs?
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --nointeraction --forcequitapps --user $currUser --stdinpass
Posted on 11-30-2021 02:32 AM
Hallo Will92,
well in your case you would have to put the password. I believe there is a way to like have it garbled and not showing in plain text within the script. There should but be another enabled FileVault user on your devices besides your local admin on the devices, no? If so , please have a look at the script posted above by JamieG.
Posted on 12-22-2021 03:46 AM
Both on the M1 and Intel Chips we get the error message. We tried the solutions from AtillaTheC.
Anyone experiencing the same issues? Any help regarding this?
Posted on 12-22-2021 08:06 AM
Do you have any software ristrictions still in place i.e install asssistant or the monterey app?
Posted on 12-23-2021 01:54 AM
Seems to be working now... I guess I was just not patient enough waiting for the command to run. Also I found out that the Install Monterey App can not be running or else it will break the cycle of the command for some reason.
Posted on 12-23-2021 12:06 AM
Hello Everyone
What am i doing wrong here this did not work on a M1 and Intel as well
Posted on 12-23-2021 06:47 AM
You havent actually put whats not working for you, or what errors your getting? or the script output
12-24-2021 03:09 AM - edited 12-24-2021 03:43 AM
Hi SCCM, Actually M1 macs are looking for admin rights to proceed with upgrade. I got this when I tried:
echo $fvPass(local admin password) | /Library/Jamf/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $LocalAdmin --stdinpass
If you do not agree, press CTRL-C and cancel this process immediately.
Error: could not get authorization...
Do you have any other thoughts on this?
for FV2 enabled user: Error: You must provide authorisation for this volume by setting it as your startup disk.
12-24-2021 04:13 AM - edited 12-24-2021 04:21 AM
it shouldnt be asking for admin if your running the script via jamf on a computer level, but the users will need to put there logged in account password in for the install to complete. Are the users getting the prompt, and are they typing it in?
Plus your line reads echo $fvPass(local admin password) | where in the dump above it shows echo $fvPass | . Try checking that line again
echo $fvPass | /Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction --user $currUser --stdinpass
Also worth checking that the users are filevault enabled or it will not work
Posted on 12-23-2021 01:04 PM
I have an M1 that I believe i've followed all the steps on - it runs the script, goes to a black screen with the Please wait.... and then never reboots. When I look at the Policy Log it shows it running, downloading monterey and then verifying the package and installing, then closing the package, then step 4 and 5 and shows completed. But the device is still sitting at the initial full screen splash page and hasn't gone anywhere from there. Not sure what I'm missing.
Posted on 12-23-2021 02:19 PM
I would pre-download monterey in a separate policy and verify its there then a separate one to call the script.
Posted on 01-05-2022 08:56 AM
My Intel chip Macs did this exact thing. No luck with actually executing the script on Intel macs.
Posted on 01-05-2022 09:06 AM
After more testing the M1 script is working on both Intel and M1 macs, try using that one.
Posted on 01-05-2022 09:10 AM
I'll try the M1 script again.
The below is not working for me either at this point... IDK why its different with every OS version.
Super frustrating. This "script worked flawlessly on the Big Sur upgrade (changing the app name within the script)
'Applications/Install macOS Monterey.app/Contents/Resources/startosinstall' --agreetolicense --forcequitapps --nointeraction
Posted on 12-23-2021 04:05 PM
Appreciate the advice. I had done that previously in my efforts. I am beginning to suspect the original upload had an issue. So I'm going to push a new version up and see if I fair better. Taking of course your advice to keep the steps separate. Will let you know how it goes. Thank you.
Posted on 12-24-2021 05:17 AM
I don't even push the installer from JAMF I just run the below to have each machine download it from apple.
softwareupdate --fetch-full-installer
Posted on 01-05-2022 09:08 AM
I ended up using the below instead due to inconsistencies in the version people were pulling.
softwareupdate --fetch-full-installer --full-installer-version=12.1
Posted on 01-05-2022 09:14 AM
Can confirm, the above works flawlessly for my Intel devices. Haven't tested the M1 with this command yet.
I entered this in the Files and Processes>Execute Command section of a new Policy.
Posted on 01-11-2022 09:05 AM
Did anyone found a solution for upgrading the Intel Macs to monterey via script ? Above mentioned scripts didn't work for me on Big Sur to Monterey upgrade. the Jamf helper screen simply sits on the desktop after running the above script (I'm mentioning intel Macs only)