Update to macOS Upgrade Script

I’ve gone ahead and updated my OS Upgrade script for compatibility with macOS High Sierra (10.13). If you’re curious about how to use it, please read my blog post here. Other than compatibility with the new OS installer app, there’s one major change to report.

FileVault Authenticated Restarts

Currently, the macOS Installer does not support authenticated FileVault restarts. Without one, your user would have to run the installer, wait until the restart, authenticate, and only then walk away. The script now prompts the user for their FileVault credentials before the upgrade even starts, so they can walk away right away and not have to wait for the installer app to prepare the computer for the upgrade.

The script automatically detects whether FileVault is turned on. If it’s not, the user will not see the authentication prompt. I understand some folks might not like this, so if you wish to disable this part of the script, comment out lines 521 – 524. I would have added more JSS parameters and made this an option you could disable, but I ran out of parameters to use (vote up this feature request for more JSS parameters).

Conversion to APFS

I’ve been asked to add an option to allow APFS to be turned off or on. Early on in my update to the script, I did enforce conversion to APFS using the option --converttoapfs YES (if you want to disable it, just put NO instead of YES). But ultimately, after asking for feedback from other admins, I opted not to force it and to let the installer app take care of the logic on whether to upgrade the drive to APFS. The reasoning here is that Apple knows which conditions best support APFS and which ones don’t. However, I did leave a comment in my script at line 500 for those who want to always enforce APFS conversion or disable it entirely. It would have been nice to make this an option that could be toggled with a JSS parameter, but like I said earlier, I ran out of JSS parameters to use (vote up this feature request for more JSS parameters).
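One way to implement the FileVault check and the APFS choice described in the two sections above, as an added example that is not taken from my script or its line numbers: it assumes the credentials were already collected by a dialog, hands them to fdesetup on stdin so they never appear in a process listing, and XML-escapes them so a password containing & or < does not break the plist. The function names and the auto/yes/no mode values are hypothetical.

```shell
#!/bin/sh
# Added illustration; not the upgrade script discussed in the post.

# Return 0 when the text of `fdesetup status` ($1) reports FileVault on.
filevault_is_on() {
    case "$1" in
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Escape XML metacharacters so a password containing & < > keeps the plist valid.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the plist that `fdesetup authrestart -inputplist` reads from stdin.
authrestart_plist() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key><string>$(xml_escape "$1")</string>
    <key>Password</key><string>$(xml_escape "$2")</string>
</dict>
</plist>
EOF
}

# Arm an authenticated restart for the next reboot (-delayminutes -1).
# Credentials travel on stdin, so they never show up in the process list.
arm_authrestart() {
    authrestart_plist "$1" "$2" | fdesetup authrestart -delayminutes -1 -inputplist
}

# Map a hypothetical mode setting to startosinstall arguments.
# auto = pass nothing and let the installer decide, as the post settles on.
apfs_args() {
    case "$1" in
        yes)  echo "--converttoapfs YES" ;;
        no)   echo "--converttoapfs NO" ;;
        auto) ;;
        *)    echo "unknown APFS mode: $1" >&2; return 2 ;;
    esac
}
```

On a Mac, run as root, the pieces combine as filevault_is_on "$(fdesetup status)" && arm_authrestart "$user" "$pass", with the output of apfs_args appended unquoted to the startosinstall command line.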

Additional changes include:

  • new dialogs for FileVault authenticated restarts
  • new exit codes
  • code cleanup

The script referenced above can be downloaded from my GitHub repo. Please let me know if you run into any issues or have any questions regarding the script.

8 thoughts on “Update to macOS Upgrade Script”

  1. This is great. I have a question though. When someone tries to run the upgrade and their computer doesn’t meet the criteria, they get the pop up, let’s say “Connect to Power Source”, and when they click okay, they also receive the Self Service dialogue box “Cannot Install Item”. Is there a way to prevent that one? I see the users getting confused by this…


  2. This is a great resource and we’re testing it with our High Sierra Self Service policy with mostly positive success. We had to strip out the FileVault authentication since it was failing on older OS’s (10.10.5) but that isn’t much of an issue. We are running into another quirk, though, with installing additional packages. We drop a package on the drive and customize the startosinstall commands to include the appropriate “--installpackage /Path/package.pkg” verbiage, but it doesn’t install the package. Any thoughts?


      1. Yes, we converted the package as outlined and when we drop it into that folder and run the startosinstall command manually from the terminal it does install. I’m not sure what could be happening that’s different.


  3. We are testing your script to upgrade to High Sierra and have found a couple of issues:

    1. If we put in the Optional Parameter 7 (the trigger for the download), the script will always trigger the download even if the installer is already in the correct path. If the installer already exists, the script will terminate with the Download failure. If you delete the installer and run again, the script will get past this point. Should we just use Smart Groups (one for download) and one for the download complete (to have the Self Service show up) and take out the #7 trigger?
    2. If it does get to Step 2, the dialog shows, but nothing ever happens (i.e. no restarts, nothing). We have left it running overnight and no upgrade. We have tested the installer manually and it will install when kicked off. This is 12.13.1. Perhaps something has changed with the installer since 12.13.0?


