Managing OS Version

chris_morelock
New Contributor II

Sorry if this has been asked already. I am new to JAMF. I was wondering the best way to control the OSX version that all of my computers are on?

Can I force everyone to update to a certain version and keep them there until I want to force the next update?

Can I force an update from a major release, example: El Cap to Sierra?

Thanks guys!

1 ACCEPTED SOLUTION

bradtchapman
Valued Contributor II

What you can do is create a policy with a "Software Update" payload and run it once a week. This will ensure that Macs always have the latest and greatest security patches.

If you're trying to update minor OS version (e.g.: 10.11.5 to 10.11.6) then this is already part of the softwareupdate routine.

For major OS version upgrades (e.g.: iOS 9 to iOS 10): iOS devices can be forced to upgrade to the next major OS only if the device is enrolled in DEP, and supervised, and already running iOS 9 or higher. Otherwise, they'll get minor updates over-the-air and the users can install them at their convenience.

For Mac OS X, forced installations of major OS updates is not a supported management action. Each major release of OS X normally requires a separate download from the Mac App store. As an administrator you can repackage this as a self service item, but a Mac will not "software update" itself to the latest operating system version. Too many things have broken in the past, and Apple wants to avoid the liability of breaking millions of its customers' machines.

Now that being said, as a Jamf administrator, you can technically package the OS yourself and then install on next check-in to a set of machines.

The general consensus here is that forcing a major OS update is a bad idea. If it fails, you'll be on the hook. I would not attempt this without a carefully drawn battle plan, loads of testing, and sign-off from your boss or the department heads. And for god's sake, don't do it to the CEO or any high ranking executive, or you'll find yourself out of a job.

View solution in original post

2 REPLIES 2

bradtchapman
Valued Contributor II

What you can do is create a policy with a "Software Update" payload and run it once a week. This will ensure that Macs always have the latest and greatest security patches.

If you're trying to update minor OS version (e.g.: 10.11.5 to 10.11.6) then this is already part of the softwareupdate routine.

For major OS version upgrades (e.g.: iOS 9 to iOS 10): iOS devices can be forced to upgrade to the next major OS only if the device is enrolled in DEP, and supervised, and already running iOS 9 or higher. Otherwise, they'll get minor updates over-the-air and the users can install them at their convenience.

For Mac OS X, forced installations of major OS updates is not a supported management action. Each major release of OS X normally requires a separate download from the Mac App store. As an administrator you can repackage this as a self service item, but a Mac will not "software update" itself to the latest operating system version. Too many things have broken in the past, and Apple wants to avoid the liability of breaking millions of its customers' machines.

Now that being said, as a Jamf administrator, you can technically package the OS yourself and then install on next check-in to a set of machines.

The general consensus here is that forcing a major OS update is a bad idea. If it fails, you'll be on the hook. I would not attempt this without a carefully drawn battle plan, loads of testing, and sign-off from your boss or the department heads. And for god's sake, don't do it to the CEO or any high ranking executive, or you'll find yourself out of a job.

chris_morelock
New Contributor II

Thank you very much for the information! It was very helpful.