macOS 10.12.4 upgrade via Self Service fails

m_entholzner
Contributor III
Contributor III

hey guys, anyone else seeing this error when trying to create a macOS upgrade via Self Service?

Executing Policy Install macOS Sierra Upgrade
Installing macOS 10.12.4 Installer.dmg...
Preparing for in-place OS upgrade...
Failed to copy file to the install data folder. Failed to copy /Volumes/OS X Base System/Install macOS Sierra.app/Contents/Resources/brtool to /OS X Install Data/brtool: The file “brtool” couldn’t be opened because there is no such file.
Closing package...

This doesn't work with 9.97 and 9.98. The installer was created via dragging and dropping the downloaded macOS App Store installer into Casper Admin, as always.

Was there anything changed with the 10.12.4 installer which Jamf wasn't aware of?

92 REPLIES 92

Chris
Valued Contributor

Hey,

brtool has moved in 10.12.4, see https://twitter.com/mikeymikey/status/846445316790370305
I guess an update for Casper Admin is needed to fix it.

bkerns
New Contributor II

Yes, duplicated this morning. Looks like jamf will have to fix!

toconnor
New Contributor II

Can confirm, same issue.

NewmanAJ
New Contributor II

Ran into this exact issue yesterday while setting up our Self Service MacOS upgrade workflow. Good to see I'm not alone.

jeremygray
New Contributor

+1
Thanks for the sanity check!

jeremygray
New Contributor

+1
Thanks for the sanity check!

john_sherrod
Contributor II

Same here! Was just attempting to put in place a Sierra upgrade policy in Self Service for the first time and ran into this. :-)

Bernard_Huang
Contributor III

+1
I thought it was just me. But I have tried uploading via Casper Admin twice, and have tried to install via Self Service 5 times. It always fails.
Thankfully I found this discussion :)

Extra note: The macOS 10.12.4 combo update works. We've tested this via push update to any MacBook that is 10.12.x and it works fine.

bdelamarche
New Contributor III
New Contributor III

+1 same for us

bdelamarche
New Contributor III
New Contributor III

Hi all try this,
https://github.com/kc9wwh/macOSUpgrade
Best Benoit

francktournant
New Contributor II

+1 too.
Same problem for us.

bdelamarche
New Contributor III
New Contributor III

Hi,

It's working with the scripts thanks to Laurent Pertois for sharing an thanks to Joshua Roskos for this.
We just adapt a little bit the script for 10.12.4 because some option are no more present in the .app installer

Line 79 to 86

Check if installer is present

if [ -d /Users/Shared/Install macOS Sierra.app ]; then installerPresent="OK" /bin/echo "Installer present: OK - the installer is in /Users/Shared"
else installerPresent="ERROR" /bin/echo "Installer present: ERROR - the installer is not in /Users/Shared"
fi

Line 118
/bin/mkdir -p /usr/local/jamfps

Line 164
if [[ ${pwrStatus} == "OK" ]] && [[ ${spaceStatus} == "OK" ]] && [[ ${installerPresent} == "OK" ]]; then

Line 179 /Users/Shared/Install macOS Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install macOS Sierra.app --agreetolicense --pidtosignal $jamfHelperPID &

On our side all is working with this workflow

Sandy
Valued Contributor II

I have added the Sierra Install using Device based Distribution from VPP to see if that works for my staff (slow rollout)
.Update: Staff have rights to App Store, but this unfortunately prompts for admin pw. boo

bdelamarche
New Contributor III
New Contributor III

Quick correction Line 179

Begin Upgrade /bin/echo "Launching startosinstall..." /Users/Shared/Install macOS Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install macOS Sierra.app --nointeraction --pidtosignal $jamfHelperPID & /bin/sleep 3 else

bdelamarche
New Contributor III
New Contributor III

Quick correction Line 179

Begin Upgrade /bin/echo "Launching startosinstall..." /Users/Shared/Install macOS Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install macOS Sierra.app --nointeraction --pidtosignal $jamfHelperPID & /bin/sleep 3 else

stwrz
New Contributor II

@bdelamarche

Would you mind posting the full, edited script?

AARP
New Contributor III

Normally, I would create an in-place upgrade policy that would install the cached installer package (that i cached with a previous policy) and then reboot to the installer with a restart option (see attached fig 1 and fig 2).
If I choose to use the script provided here, along with created a dmg of the installer and placing it in Users/Shared, do i still handle the overall policy the same with the added script? 1. Do i run the script as an "after" script or a "at reboot" script?
2. Do i set the policy restart options still to specify the start up disk as "OS X Installer"?
Thanks!afdedf44d2134cd2806687102a8810fe
595ca0b0c9f64d3e9b3476a452a7510f

tinsun
New Contributor II

I second what @stwrz said. :)
It would be nice to have the entire verified-as-working script, if you wouldn't mind sharing it, @bdelamarche . :)

Jason
Contributor II

I found out the hard way that I should also have a check in the script to verify that encryption of the disk has completed. I dropped a section in for that. This is what my "complete" version of the script is, but it won't be verified until I try to run through it again. The caveat to this as it is written, is that the disk must be encrypted. If other environments don't require this then just ignore that section.

#!/bin/bash

##
## Updated with comments posted in: https://www.jamf.com/jamf-nation/discussions/23551/macos-10-12-4-upgrade-via-self-service-fails#respond
##

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
#
# Copyright (c) 2017 Jamf.  All rights reserved.
#
#       Redistribution and use in source and binary forms, with or without
#       modification, are permitted provided that the following conditions are met:
#               * Redistributions of source code must retain the above copyright
#                 notice, this list of conditions and the following disclaimer.
#               * Redistributions in binary form must reproduce the above copyright
#                 notice, this list of conditions and the following disclaimer in the
#                 documentation and/or other materials provided with the distribution.
#               * Neither the name of the Jamf nor the names of its contributors may be
#                 used to endorse or promote products derived from this software without 
#                 specific prior written permission.
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# 
# This script was designed to be used in a Self Service policy to ensure specific
# requirements have been met before proceeding with an inplace upgrade to macOS Sierra, 
# as well as to address changes Apple has made to the ability to complete macOS upgrades 
# silently. 
#
# REQUIREMENTS:
#           - Jamf Pro
#           - macOS Sierra Installer must be staged in /Users/Shared/
#
#
# For more information, visit https://github.com/kc9wwh/macOSUpgrade
#
#
# Written by: Joshua Roskos | Professional Services Engineer | Jamf
#
# Created On: January 5th, 2017
# Updated On: March 9th, 2017
# 
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# USER VARIABLES
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

##Enter 0 for Full Screen, 1 for Utility window (screenshots available on GitHub)
userDialog=0

##Title to be used for userDialog (only applies to Utility Window)
title="macOS Sierra Upgrade"

##Heading to be used for userDialog
heading="Please wait as we prepare your computer for macOS Sierra..."

##Title to be used for userDialog
description="
This process will take approximately 5-10 minutes. 
Once completed your computer will reboot and begin the upgrade."

##Icon to be used for userDialog
##Default is macOS Sierra Installer logo which is included in the staged installer package
icon=/Users/Shared/Install macOS Sierra.app/Contents/Resources/InstallAssistant.icns

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# SYSTEM CHECKS
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

##Check if installer is present
if [ -d /Users/Shared/Install macOS Sierra.app ]; then
    installerPresent="OK"
    /bin/echo "Installer present: OK - the installer is in /Users/Shared"
else
    installerPresent="ERROR"
    /bin/echo "Installer present: ERROR - the installer is not in /Users/Shared"
fi

##Check if Disk is encrypting
encryption=$( diskutil cs list | grep "Conversion " )
if [[ ${encryption} == *"Complete"* ]]; then
    encStatus="OK"
    /bin/echo "Encryption Check: OK - Not Encrypting"
else
    encStatus="ERROR"
    /bin/echo "Encryption Check: ERROR - Encryption In Process"
fi

##Check if device is on battery or ac power
pwrAdapter=$( /usr/bin/pmset -g ps )
if [[ ${pwrAdapter} == *"AC Power"* ]]; then
    pwrStatus="OK"
    /bin/echo "Power Check: OK - AC Power Detected"
else
    pwrStatus="ERROR"
    /bin/echo "Power Check: ERROR - No AC Power Detected"
fi

##Check if free space > 15GB
osMinor=$( /usr/bin/sw_vers -productVersion | awk -F. {'print $2'} )
if [[ $osMinor -ge 12 ]]; then
    freeSpace=$( /usr/sbin/diskutil info / | grep "Available Space" | awk '{print $4}' )
else
    freeSpace=$( /usr/sbin/diskutil info / | grep "Free Space" | awk '{print $4}' )
fi

if [[ ${freeSpace%.*} -ge 15 ]]; then
    spaceStatus="OK"
    /bin/echo "Disk Check: OK - ${freeSpace%.*}GB Free Space Detected"
else
    spaceStatus="ERROR"
    /bin/echo "Disk Check: ERROR - ${freeSpace%.*}GB Free Space Detected"
fi

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# CREATE FIRST BOOT SCRIPT
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

/bin/mkdir -p /usr/local/jamfps

/bin/echo "#!/bin/bash
## First Run Script to remove the installer.

## Clean up files
/bin/rm -fdr /Users/Shared/Install macOS Sierra.app
/bin/sleep 2
/usr/local/jamf/bin/jamf recon

## Remove LaunchDaemon
/bin/launchctl unload -w /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
/bin/rm -f /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist

exit 0" > /usr/local/jamfps/finishOSInstall.sh

/usr/sbin/chown root:admin /usr/local/jamfps/finishOSInstall.sh
/bin/chmod 755 /usr/local/jamfps/finishOSInstall.sh

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# LAUNCH DAEMON
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

/bin/echo "<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0"> 
<dict>
    <key>Label</key> 
    <string>com.jamfps.cleanupOSInstall</string> 
    <key>ProgramArguments</key> 
    <array> 
        <string>/usr/local/jamfps/finishOSInstall.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict> 
</plist>" > /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist

##Set the permission on the file just made.
/usr/sbin/chown root:wheel /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist
/bin/chmod 644 /Library/LaunchDaemons/com.jamfps.cleanupOSInstall.plist

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# APPLICATION
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

if [[ ${pwrStatus} == "OK" ]] && [[ ${spaceStatus} == "OK" ]] && [[ ${installerPresent} == "OK" ]] && [[ ${encStatus} == "OK" ]]; then
    ##Launch jamfHelper
    if [[ ${userDialog} == 0 ]]; then
        /bin/echo "Launching jamfHelper as FullScreen..."
        /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -title "" -icon "$icon" -heading "$heading" -description "$description" &
        jamfHelperPID=$(echo $!)
    fi
    if [[ ${userDialog} == 1 ]]; then
        /bin/echo "Launching jamfHelper as Utility Window..."
        /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "$heading" -description "$description" -iconSize 100 &
        jamfHelperPID=$(echo $!)
    fi

    ##Begin Upgrade
    /bin/echo "Launching startosinstall..."
    /Users/Shared/Install macOS Sierra.app/Contents/Resources/startosinstall --applicationpath /Users/Shared/Install macOS Sierra.app --agreetolicense --pidtosignal $jamfHelperPID &
    /bin/sleep 3
else
    /bin/echo "Launching jamfHelper Dialog (Requirements Not Met)..."
    /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$title" -icon "$icon" -heading "Requirements Not Met" -description "We were unable to prepare your computer for macOS Sierra. Please ensure you are connected to power and that you have at least 15GB of Free Space. 

    If you continue to experience this issue, please contact the IT Support Center." -iconSize 100 -button1 "OK" -defaultButton 1
fi

exit 0

bpavlov
Honored Contributor

The issue is described here: https://babodee.wordpress.com/2017/03/29/startosinstall-updated-in-macos-10-12-4-app-installer-and-c...

I updated my script to account for the change between 10.12.3 and 10.12.4, but you can just use other scripts and change the line that uses the startosinstall tool accordingly to remove the --volume / flag.

were_wulff
Valued Contributor II

Hey all,

We're aware of this issue and have it filed under PI-003792.

If you haven't already, and would like to get a case attached to PI-003792, please get in touch with Support.

Thanks!
Amanda Wulff
Jamf Support

jwojda
Valued Contributor II

@bpavlov what would be the easiest/best way to suppress the login wizard using the process from your link? I don't really want it prompting my users for FileVault and analytics data. Otherwise it worked, and the feedback is helpful to the end user(s).

bpavlov
Honored Contributor

@jwojda I'm not sure I follow. My script doesn't prompt for the FileVault credentials. Not sure what you mean by analytics data either. With that said, it might not be a bad idea to add a FileVault component so that it's not required upon restart (make this optional of course). Thanks for the idea.

jwojda
Valued Contributor II

@bpavlov It would be to suppress the Apple startup wizard thing. Sign in to iCloud, Setup FV, send crash data to Apple, turn on Siri, etc. I know your script doesn't do that, but wondering what would be the best options to do so, so the users get a more seamless experience.

bpavlov
Honored Contributor

None of that would be managed by my script as you've mentioned. But some ideas that come to mind to handle what you've mentioned (and others may have better suggestions): Configuration profiles would probably be the go to where possible. You can block all iCloud services with the Restrictions payload. I believe I saw there was an pref you can manage with a custom config profile to block Siri. The send diagnostics is in the Security and Privacy payload. And the enforcing FV I think you can probably do with a policy. You can also deploy a config profile to redirect FV keys to the JSS.

AVmcclint
Honored Contributor

I'm a little confused. Is this problem for the full-blown macOS Sierra 10.12.4 installer (for when you're running El Capitan or Yosemite and want to fully upgrade) or does this problem happen with the incremental 10.12.4 updater (for when you're already running 10.12.x<4) ? I've been holding off on putting the 10.12.4 updater in Self Service until I am 100% clear on it.

sepiemoini
Contributor III
Contributor III

@AVmcclint I am distributing the 10.12.4 incremental and combo updates within my organization. I am first scoping to those requiring the 10.12.4 combo update (those currently with 10.12.0-10.12.2 installed) and the incremental update (those currently with 10.12.3 installed) and then caching the installers to their Waiting Room folder. Once it has cached, I run a script once daily that present them with a Jamf Helper window which simply suggests that they perform the update in Self Service. Here's the script I am using and have had very good success with.

#!/bin/bash

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# Created by Sepie Moinipanah
# April 13, 2017
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# jamfHelper Variables
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

loggedInUser=$(stat -f%Su /dev/console)
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
windowType="hud"
description="The <OrgName> Helpdesk has prepared a macOS Sierra 10.12.4 update for your computer and asks that you please perform this task within 10 days. Please note that this process will require approximately 15-20 minutes and a reboot to complete.  

• To initiate this process now, click 'UPDATE' below and select the macOS Sierra icon once Self Service has launched.

• To defer, click 'Cancel'. 

If you have any questions or require assistance, please call +1 (###) ###-HELP."
button1="UPDATE"
button2="Cancel"
icon=/Applications/Utilities/Disk Utility.app/Contents/Resources/AppIcon.icns
title="Update Available: macOS Sierra 10.12.4"
alignDescription="left" 
alignHeading="center"
defaultButton="2"
cancelButton="2"
timeout="300"

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# System Checks
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

# Verify that macOS device is utilizing a power adapter or battery
pwrCheck=$( /usr/bin/pmset -g ps )
if [[ ${pwrCheck} == *"AC Power"* ]]; then
    pwrStatus="OK"
    echo "Power Check: OK - AC Power Detected"
else
    pwrStatus="ERROR"
    echo "Power Check: ERROR - No AC Power Detected"
fi

# Verify that macOS device has not updated to 10.12.4 since inventory updates are performed once daily
verCheck=$( /usr/bin/sw_vers -productVersion )
if [[ $verCheck == 10.12.4 ]]; then
    verStatus="macOS 10.12.4 Detected"
    echo "Update Not Needed"
else
    verStatus="macOS 10.12.4 NOT Detected"
    echo "Update Needed"
fi

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# jamfHelper Window
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

if [[ "$pwrStatus" == "OK" ]] && [[ "$verStatus" == "macOS 10.12.4 NOT Detected" ]]; then
    userChoice=$("$jamfHelper" -windowType "$windowType" -lockHUD -title "$title" -timeout "$timeout" -defaultButton "$defaultButton" -cancelButton "$cancelButton" -icon "$icon" -description "$description" -alignDescription "$alignDescription" -alignHeading "$alignHeading" -button1 "$button1" -button2 "$button2")
    echo "Jamf Helper was launched!"
else
    echo "The macOS device power check failed and/or no longer requires 10.12.4 update! Collect inventory and exit."
    jamf recon
    exit 0
fi

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# Logging
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

if [ "$userChoice" == "0" ]; then
    echo "User clicked UPDATE; now launching Self Service."
    /bin/launchctl asuser "$(id -u $loggedInUser)" sudo -iu "$loggedInUser" open -a /Applications/Self Service.app
elif [ "$userChoice" == "2" ]; then
    echo "User clicked Cancel or timeout was reached; now exiting."
    exit 0    
fi

H/t to @Rosko for the pwrCheck variable :)

pwrCheck=$( /usr/bin/pmset -g ps )
if [[ ${pwrCheck} == *"AC Power"* ]]; then
    pwrStatus="OK"
    echo "Power Check: OK - AC Power Detected"
else
    pwrStatus="ERROR"
    echo "Power Check: ERROR - No AC Power Detected"
fi

Taylor_Armstron
Valued Contributor

@Jason ... just FYI, your script keeps failing for me on the Disk Check portion, reporting 1GB free space on a machine with 1.07TB available. Looks like logic needs to be tweaked when $freeSpace returns a value in TB instead of GB on line 120.

Jason
Contributor II

@Taylor.Armstrong That part was from the original script. It looks like they're grabbing a line that looks like this on my machine: Volume Available Space: 155.8 GB (155812741120 Bytes) (exactly 304321760 512-Byte-Units) (31.2%)

print $4 would return "155.8". You could try also using awk to pull $5 to see if the system is GB or TB, and compensate for that. All of our systems are using 500GB drives, so we didn't run into that.

bpavlov
Honored Contributor

@AVmcclint This is only for when you use the full 10.12.4 installer from the Mac App Store.

AVmcclint
Honored Contributor

@bpavlov thanks for the clarification. One thing I have noticed with the 10.12.3 and 10.12.4 updaters - even when run outside of JSS and Self Service - is that the final reboot that should take you to your desktop sometimes hangs right at the iCloud login screen. Sometimes It hangs before actually displaying the window where you can choose to login or Skip. There was one time I got the window but there was no content within and no buttons to click until after about 5 minutes. I'm afraid that these unexpected and unusual hangs right in the home stretch of the updates users will get impatient and for the computer to reboot and who know what will happen then.

It is annoying that I'm using a config profile to disable all the Siri setup, iCloud, and other first-time user setup screens but these updates seem to disregard those settings.

TomDay
Release Candidate Programs Tester

The workflow that @Rosko built for this works awesome, TYVM @Rosko ! I have a restriction in place for the "Install macOS Sierra.app" file so in my testing I had to add an exemption for the computer I was testing. To deploy this in mass, anyone have a recommendation of how to use "Install macOS Sierra.app" while restricting any type of OS install from the mac app store?

Rosko
Contributor II
Contributor II

@TomDay The easiest away around the Software Restrictions is to just rename the installer before you stage/cache it on the systems. Then it won't even be noticed. Otherwise you'd want to look at adding an API call to add that computer that is installing Sierra via the script to the exclusions either directly or via a static group.

TomDay
Release Candidate Programs Tester

@Rosko That worked perfectly, thank you. Follow up question if you don't mind? On the script, is it possible for me to add some lines to the First Boot section that will disable iCloud, Diagnostic and Siri pop-up settings?

Rosko
Contributor II
Contributor II

@TomDay You are more than welcome to try, but I didn't have the greatest luck and would get mixed results with about a 50/50 success rate. I'm sure it's all in the timing, but I couldn't get in nailed down in the time I had. Please let me know if you do get it working though, would be happy to add it to the repo.

lashomb
Contributor II

We're using this one and it's been working well. https://github.com/bp88/JSS-Scripts/blob/master/OS_Upgrade.sh

mpermann
Valued Contributor II

@TomDay I went the route of manually installing some profiles to suppress those items. Then after the system is upgraded I remove the profiles. I didn't have good luck when I tried disabling those items through scripting.

seann
Contributor

@TomDay Tom you're best using a launchdaemon or boot policy to write the appropriate plist values to each account on each boot. Otherwise they will return when a macos service update is released.

TomDay
Release Candidate Programs Tester

@Rosko gave it a shot and like you mentioned mixed results so I'm not going to tinker with that anymore. Will use a method of launch daemon and script to set the values like @seann mentioned thx for that @seann , testing now.

@lashomb Wow that script is awesome! Tested on a few devices and tweaking that for our environment now, thx for sharing that! How do you handle running Apple Software Updates after that OS gets upgraded? I'm finding it needs a few like iTunes etc.