Fileset to block Apple Install macOS applications
Description
As described, this only blocks macOS Installer Applications. Preventing users from using Software Updates can only be achieved with Defer Apple OS Updates and you should consider this because Software Update is capable or running the upgrade even with this solution in place.
Apple automatically instals the latest installer application on devices, allowing users to upgrade to the next major release of macOS. The following provides a method to prevent users from running the application, ensuring administrators have the required time to prepare the business.
The provided Fileset includes an unaltered version of the Open Source Software Pashua, which is licensed under the 3-Clause BSD License.
Information
The attached Fileset prompts users with a message, including alternate languages. There is also allowance for control over which versions of macOS Installers are blocked. The only requirements are the following Filesets:
If running macOS 13 or higher, this profile is also required.
A requirement script is included to ensure the profile is installed first, before downloading and installing the blocker.
Optionally the following Custom Field may be used to monitor the quantity of times users attempt to upgrade devices:
macOSAppInstallerBlockAttempts.customfields.zip
The above instals launchd services. Disassociation of the Fileset will unload these services as well as remove all files.
Directions
The Fileset is currently configured to block the 'Install macOS Ventrua.app' and future versions of macOS Installer App; it would actually also stop the Beta. Version control is managed by the plist file in usr > local > etc > block_macos_updates:
com.filewave.blockmacosinstaller_user.plist
Contents of the file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>MinimumBlockedVersion</key>
<integer>18</integer>
</dict>
</plist>
Version of App to Block
Edit the file as required for the following:
- Key - MinimumBlockedVersion
- Value - Integer
Set to 19, which will block macOS Sonoma. This could be lowered to block earlier (or later versions when Apple release their next major release)
Example alternatives:
- 19 - Block Sonoma and above
- 18 - Block Ventura and above
- 17 - Block Monterrey and above
- 15 - Block Catalina and above
- 14 - Block Mojave and above
The script defines a version to block (and versions above) in the case that no plist file is found. This is set to 15, since this should never be the case and is a capture to prevent unwanted updates in this unexpected instance.
Message Localisation
When the installed service blocks the App, a message is reported to the user. Examples have been provided for English and German.
The language is determined by the first two characters from the following command:
$ defaults read -g AppleLanguages | awk -F "\"" '/\"/ {print $2; exit}'
en-GB
As such en-GB, en-US, en-AU, etc will all result in an English version.
Language template files are stored in the path:
/usr/local/etc/block_macos_updates/
English and German respectively:
- warning_en.txt
- warning_de.txt
Copy and edit the files appropriately for additional languages.
Example to add French
User has French language set:
$ defaults read -g AppleLanguages | awk -F "\"" '/\"/ {print $2; exit}'
fr-FR
Based upon this, create a copy warning file (note the suffix '_fr'):
- warning_fr.txt
Edit '*.title' and default message 'txt1.default' appropriately:
# Set window title
*.title = Installation bloquée
# Introductory text
txt.type = text
txt.default = macOS Installer Application
txt.height = 100
txt.width = 310
txt.x = 100
txt.y = 120
txt1.type = text
txt1.default = Cette version de macOS n'est pas prête pour l'environnement de production. Veuillez contacter le service informatique si nécessaire.
txt1.height = 100
txt1.width = 310
txt1.x = 100
txt1.y = 50
img.type = image
img.x = 20
img.y = 70
img.maxwidth = 64
img.path = /usr/local/etc/FileWave_Icon.png
Text content will impact the view. Consider changing height, x and y values if the view does not appear as intended.
Upload and replace the 'img.path' as your own company logo for customisation.
Logging
The launchd scripts have additional logging which will be available in Apple's Console (Debug level Info). For example:
3 Comments
To clarify, will MinimumBlockedVersion=20 block macOS Sequoia and above ?
Should do
From the details in the above KB:
Example alternatives: