It’s Apple upgrade season! At JNUC, we’re hearing lots of talk and tip-trading among customers on how to get their Macs up to scratch so they’re able to upgrade. Jonathan Yuresko and Daniel Mintz of Jamf led a session today to help attendees best prepare their machines.
If you’re looking to upgrade, you need a mechanism to do this in a controlled environment. Using an example of upgrading a machine to High Sierra (but also works to upgrade to Apple’s latest OS, Mojave), Mintz and Yuresko walked through the steps needed to successfully upgrade your fleet.
At the heart of this is the Install MacOS High Sierra Application (again, this workflow works for macOS Mojave). Inside the Install Mac OS High Sierra app we have the startosinstall utility. When ran, this will trigger an in-place upgrade.
Getting ready for an in-place upgrade
To get prepared for an in-place upgrade, Yuresko explained, first Smart Groups need to be created to identify which machines are compatible with High Sierra and actually need to be upgraded to High Sierra. Group number one is to check if the machine model is incompatible with High Sierra. Its criteria is a long list of all the non-compatible machine models. The second group is a nested group, and says the machine is not a member of group or Mac is incompatible with macOS High Sierra and operating system is 10.10. or 10.11. or 10.12.
Then, the High Sierra Installer needs to be packaged up. Put the latest version in the Applications folder, then drag it to Composer and built it as a DMG. Once the package is built, upload it to Jamf Pro. Next, prepare a policy to cache the High Sierra installer. Give it a custom trigger, then scope this policy to all managed devices.
Now time to prepare the script.
Take note here of the $ variables 4,5 & 6. These are set in your policy and reference the location of the installer, the version of the installer and the custom trigger we set in our cache High Sierra policy. Next, make the policy put the upgrade of High Sierra in Self Service.
Once everything is ready, the user will be able to go to Self Service and select upgrade. This triggers the script. The script then checks the machine, and if it does not have the High Sierra installer already, it runs the custom trigger, downloads the installer and then runs the Jamf Helper. The user then sees the download screen and the upgrade begins!
Erasing and Installing macOS
Erasing an existing macOS uses the same startosinstall binary that we use for the in-place upgrade. As of 10.13.5 Apple introduced the --eraseinstall flag. One thing to note, is this only works if the High Sierra installer being used is 10.13.5 or higher and the target OS starts on 10.13.5. APFS must also be running, and like an in-place upgrade to High Sierra, the installer must be present on the Mac.
Erase and install complete! Now it’s time to get the Mac back under management.
If the Mac is a Device Enrollment Program (DEP) device, now part of Apple Business Manger or Apple School Manager, you can just run it through the pre-stage enrollment again and it will join back to Jamf. If the Mac is not DEP, then you can use Apple’s --installpackage flag that can be used with eraseinstall. This would allow admins to run a modified quick add package at the end of the erase to get the Mac re-enrolled into Jamf.
To make it all one seamless process, Yuresko put together a solution which allows an admin to prepare a Mac for eraseinstall and make sure it’s ready for the next user.
- Custom QuickAdd package to enroll machines and auto-configure.
- Cache macOS Installer on desired machines.
- startOSInstall binary script in Jamf Pro with --installpackage.
- Smart/Static Group scoped policy for desired computers.
Voila! You’re left with machines that are wiped clean, enrolled and provisioned!
Not already a Jamf Pro customer? Take our best-of-breed Apple management solution for a free trial and put these workflows to the test.
Subscribe to the Jamf Blog
Have market trends, Apple updates and Jamf news delivered directly to your inbox.
To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.