Switch branches/tags
Nothing to show
Find file History
Latest commit fea49d9 Mar 9, 2018
Permalink
..
Failed to load latest commit information.
resources Delete remove_Install_macOS_Sierra.sh Jan 4, 2018
README.md Update README.md Mar 10, 2018

README.md

Self Service macOS Upgrades

We decided early on that we wanted to utilize Self Service for more intrusive tasks, such as macOS upgrades, while still maintaining the flexibility that our existing software deployment approach afforded us.

Please read the Upgrading From macOS Sierra section of Misadventures With SecureToken before upgrading FileVault enabled systems to macOS High Sierra.

Prerequisites

Complete the tutorial Software Packaging and upload the resulting package and scripts to your JAMF Pro distribution point before proceeding. For this example, we are deploying Install macOS High Sierra.

Smart Computer Groups

As previously mentioned, we leverage Smart Computer Groups to handle the logic of determining when software should be deployed, updated or removed from a particular workstation.

deploy_macOS High Sierra

Create a Smart Computer Group called deploy_macOS High Sierra with the following criteria now.

deploy-macos-high-sierra-criteria

remove_macOS High Sierra

Create a Smart Computer Group called remove_macOS High Sierra with the following criteria now.

remove-macos-high-sierra-criteria

exclude_macOS High Sierra

Create a Smart Computer Group called exclude_macOS High Sierra with the following criteria now.

remove-macos-high-sierra-criteria

deploy_macOS High Sierra (Self Service)

Create a Smart Computer Group called deploy_macOS High Sierra (Self Service) with the following criteria now.

deploy-macos-high-sierra-self-service-criteria

Policies

For this deployment scenario, we will still create two policies to handle the installation and removal of the Install macOS High Sierra.pkg package, but we’ll also create a third policy specifically for Self Service.

Install_macOS High Sierra

Create a Policy called Install_macOS High Sierra with the following configuration now.

  • General
    • Recurring Check-In
    • Execution Frequency: Ongoing
  • Package
    • Packages: Install macOS High Sierra.pkg
    • Action: Install
  • Maintenance
    • Update Inventory
  • Scope
    • Targets: Specific Computers: deploy_macOS High Sierra
    • Exclusions: exclude_macOS High Sierra

Remove_macOS High Sierra

Create a Policy called Remove_macOS High Sierra with the following configuration now.

  • General
    • Recurring Check-In
    • Execution Frequency: Ongoing
  • Package
    • Packages: Install macOS High Sierra.pkg
    • Action: Uninstall
  • Scripts
    • Scripts: remove_Install_macOS_High_Sierra.sh
    • Priority: After
  • Maintenance
    • Update Inventory
  • Scope
    • Targets: Specific Computers: remove_macOS High Sierra
    • Exclusions: exclude_macOS High Sierra

macOS High Sierra

Create a Policy called macOS High Sierra with the following configuration now.

  • General
    • Execution Frequency: Ongoing
  • Files and Processes
    • Search for Process: Self Service: Kill process if found
    • Execute Command: /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/startosinstall --agreetolicense --rebootdelay 0 | /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -heading "The upgrade to macOS High Sierra is now in progress." -description "You may be prompted to enter your password upon restart." -icon /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/ProductPageIcon.icns
  • Scope
    • Targets: Specific Computers: deploy_macOS High Sierra (Self Service)
    • Exclusions: exclude_macOS High Sierra
  • Self Service
    • Make the policy available in Self Service
    • Self Service Display Name: macOS High Sierra
    • Button Name: Upgrade
    • Description: Upgrade your workstation to macOS High Sierra. This process may take awhile, so we recommend that you begin just prior to leaving for the day.
    • Ensure that users view the description

Putting It All Together

Now that we have all of the components in place for our Self Service macOS upgrade, simply assign the users workstation to the macOS High Sierra Static Computer Group. The user will then see the macOS High Sierra policy in Self Service once the package has successfully deployed to their workstation.

Should you ever need to force users to upgrade to macOS High Sierra without their interaction, simply change the Trigger on the macOS High Sierra policy to "Recurring Check-In" and remove it from Self Service.

macos-high-sierra-self-service.png