Block Mac OS Catalina Update

Kaseya Automation Team
Kaseya Automation Team Member, Kaseya Certified CHOCOLATE MILK
edited January 2022 in Solutions

Product Name: Block Mac OS Catalina Update

Description : This set of agent procedure will allow you to block the Mac Os Catalina upgrade to prevent the end users from being able to upgrade.

It leverages the "softwareupdate" command to set the patch to be ignored. There is also another procedure to reset all ignored patches or reset the Mac Catalina only.

This needs to be done prior to the upgrade as it cannot perform a downgrade from an updated endpoint.

Instructions :

Upload the procedure with the Import Folder/Procedure tool in the Agent Procedures module under Schedule / Create

Comments

  • timothy dodd
    timothy dodd Member
    edited October 2019
    How do we allow it back again once we are ready?
  • Kaseya Automation Team
    Kaseya Automation Team Member, Kaseya Certified CHOCOLATE MILK
    edited October 2019

    @Timothy, as part of the procedures, there is one to reset the list of patches to ignore including Catalina.

  • DeAnna Birdsall
    edited October 2019

    The procedure is missing.  It only creates a folder.

  • DeAnna Birdsall
    edited October 2019

    It appears I must give myself permissions to the new folder.  I am now able to view the procedures.

  • Mykel Lambert
    Mykel Lambert Member
    edited October 2019

    Having already created a similar procedure, I also advise adding

    softwareupdate --ignore 'macOS Catalina Beta' 

    as this will hide the Catalina BETA in case users have signed up for public beta programs.

  • Kaseya Automation Team
    Kaseya Automation Team Member, Kaseya Certified CHOCOLATE MILK
    edited October 2019

    @Mykel, Thanks for the suggestion, I edited the XML and procedure to block the Beta as well. 

  • Brent Jones
    Brent Jones Member CHOCOLATE MILK
    edited October 2019

    Procedure set imports and works great!  Thank you contributors!

    -Brent

  • Caleb
    Caleb Member
    edited October 2019

    You will likely also want to block the update notification utility that Apple uses to notify users of Catalina:


    sudo softwareupdate --ignore "macOSInstallerNotification_GM"
  • Josh Youngberg
    Josh Youngberg Member CHOCOLATE MILK
    edited October 2019

    Would that command have the potential to block future OS update notifications ( for 10.16, 10.17, etc)?

  • Caleb
    Caleb Member
    edited October 2019

    @Josh Youngberg - yes, it would. In order to resume update notifications, you would have to run the following command:

    sudo softwareupdate --reset-ignored "macOSInstallerNotification_GM"