Skip to content

Legacy 8. Use in Jamf Pro

Jump to bottom
Graham Pugh edited this page Jan 15, 2023 · 1 revision

There are two ways you can use the script in Jamf Pro.

Option 1: Installer package (recommended)

The installer package contains the latest copies of erase-install.sh and the forked installinstallmacos.py, and will place them on the system in the /Library/Management/erase-install folder. This is the most secure way of deploying erase-install as all the components are included.

Attach this package to a policy, and use the Execute Command field to run the script with the desired parameters, for example:

/Library/Management/erase-install/erase-install.sh --os=11 --update --reinstall --confirm --depnotify

Alternatively, you can add a launcher script to the policy that runs the above command. The advantage of a launcher script is that if erase-install fails for some reason, this will get reported as a failure to the Policy Logs, whereas the Execute Command always returns a success. With erase-install version 27.0 and above, we supply an example launcher script, erase-install-launcher.sh, that you can upload to Jamf, add to your policy, and add your erase-install.sh arguments into the policy's script parameter fields (not the Parameter Labels of the script itself!!).

We now offer three installer packages:

  • erase-install-[version].pkg - this is the "default" package which includes erase-install.sh, installinstallmacos.py and a relocatable python framework. If you use the --depnotify option, the script will download the DEPNotify.app (unless you block it with the -no-curl option, in which case it will fail).
  • erase-install-depnotify-[version].pkg - this package includes erase-install.sh, installinstallmacos.py, a relocatable python framework and the DEPNotify.app for use with the --depnotify option. This package will therefore never have to download additional components.
  • erase-install-nopython-[version].pkg - this is a minimal package which includes erase-install.sh and installinstallmacos.py only. If you use this version, the script will download a MacAdmins python framework for use with installinstallmacos.py unless you block it with the -no-curl option, in which case it will fall back to using python2, which may not function on macOS Monterey or higher due to popup warnings. If you use the --depnotify option, it will also download the DEPNotify.app (again, unless you block it with the -no-curl option).

Option 2: Upload the script and use policy script parameters

If you upload the script directly into Jamf Pro, and are intending to attach it to a policy, then you can use script parameters to provide the arguments.

In the script parameters of the Policy (not the Parameter Labels of the script itself!!), add the desired options, including the -- double-dashes, just as if you are supplying them in the command line. Any parameters which provide a value must use an = so that they are interpreted as a single parameter. It does not matter which order the parameters are added.

To ensure that you have the latest version of installinstallmacos.py, I advise that you add the --force-curl parameter to download the script every time.

For example, to create a policy named Erase and Reinstall macOS which is scoped to models of Mac that can run the latest macOS Build Version, set parameters as follows:

  • Parameter 4: --force-curl
  • Parameter 5: --erase

If you want to use a particular Build ID, create a policy scoped to the devices that require the specific build, and set parameters as follows:

  • Parameter 4: --force-curl
  • Parameter 5: --erase
  • Parameter 6: --build=18A389

If you want to upgrade to the latest macOS, use:

  • Parameter 4: --force-curl
  • Parameter 5: --reinstall

If you want to upgrade to the latest macOS and ensure that any cached version is replaced when it gets out of date:

  • Parameter 4: --force-curl
  • Parameter 5: --reinstall
  • Parameter 6: --update

If you want to upgrade 10.14 Macs to 10.15, use:

  • Parameter 4: --force-curl
  • Parameter 5: --reinstall
  • Parameter 6: --os=10.15

If you just want to cache the latest installer app on the client, then I recommend these parameters:

  • Parameter 4: --force-curl
  • Parameter 5: --update

Just to reiterate, any parameter can be supplied in any order in the policy's Script Parameters section.

Policy Logs

Please note that when using this script in a Jamf policy with the --erase or --reinstall options, the policy will not be logged as completed, because the computer restarts before the script can complete. Therefore, it is important that you do not have this policy set to run automatically on a "Once Per Computer" basis. I recommend that you use it in Self Service, and for use with --reinstall (for upgrading) scope based on whether the OS you want to be installed is already on the client. For this to work effectively, you may want to create a policy that Updates Inventory on startup.

Clone this wiki locally