The Hamburglar Posted August 1 Posted August 1 Has anyone had any success with a profile to block users from updating to macOS Sequoia. This profile in the past has worked on other macOS versions like Ventura but so far it hasnt been successful with Sequoia. Granted its still in beta but I am trying to block that in case someone gets around our management due to local admin and tries to update. This has worked in the page with just changing the macOS name to match the new name. But so far I haven't had success. <dict> <key>Restrictions</key> <array> <dict> <key>Attributes</key> <dict> <key>name</key> <array> <string>Install macOS Sequoia</string> <string>Install macOS Sequoia</string> </array> <key>bundleId</key> <array> <string>com.apple.InstallAssistant.Sequoia</string> <string>com.apple.InstallAssistant.macOSSequoia</string> <string>com.apple.InstallAssistant.Seed.macOS15</string> <string>com.apple.InstallAssistant.Seed.macOS15.1</string> <string>com.apple.InstallAssistant.Seed.macOS15.2</string> </array> <key>cdhash</key> <array> <string>b90916616aa72ad2cf369f2721d5ff4bfea1bd41</string> </array> </dict> <key>Actions</key> <array> <integer>1</integer> </array> <key>Message</key> <string>You are currently not permitted to install macOS Sequoia.</string> </dict> </array> <key>PayloadDisplayName</key> <string>Restricted Software Policy</string> <key>PayloadOrganization</key> <string>VMware</string> <key>PayloadType</key> <string>com.vmware.hub.mac.restrictions</string> <key>PayloadUUID</key> <string>3955DB1E-026C-4909-A278-84558AC28268</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.vmware.hub.mac.restrictions.3955DB1E-026C-4909-A278-84558AC28268</string> </dict>
Akito Ogushi Posted August 7 Posted August 7 Hi, When I install Sequoia in my environment, the bundle id of "Install macOS Sequoia Beta" app is "com.apple.InstallAssistant.Seed.macOS15Seed". Try above bundle id in "bundleId" section in your profile.
The Hamburglar Posted August 20 Author Posted August 20 Thanks but it still did not work. I guess we will just use the 90 day update delay for major OS updates and hope no one uses local admin to circumvent it.
Akito Ogushi Posted August 26 Posted August 26 (edited) Hi, I could restrict to run Sequoia beta installer with following setting. Try following setting. ----------------- <dict> <key>Restrictions</key> <array> <dict> <key>Attributes</key> <dict> <key>bundleId</key> <array> <string>com.apple.InstallAssistant.Seed.macOS15Seed</string> </array> </dict> <key>Actions</key> <array> <integer>1</integer> </array> <key>Message</key> <string>You are currently not permitted to install macOS Sequoia.</string> </dict> </array> <key>PayloadDisplayName</key> <string>Restricted Software Policy</string> <key>PayloadIdentifier</key> <string>HubSettings.93f1655a-59fb-42dc-bc31-9571275cb12b</string> <key>PayloadOrganization</key> <string>VMware</string> <key>PayloadType</key> <string>com.vmware.hub.mac.restrictions</string> <key>PayloadUUID</key> <string>1D7F0D17-369B-4766-9CA0-D2B4537657C1</string> <key>PayloadVersion</key> <integer>1</integer> </dict> ----------------- -Result If you still cannot restrict, the bundle ID in the profile may not match the installer for your device. Check the bundle ID of the installer. The bundle ID can be checked with the following command when the Sequoia installer is running. (I also checked “com.apple.InstallAssistant.Seed.macOS15Seed” in the same way.) >lsappinfo Edited August 26 by Akito Ogushi
ZombieKiller Posted September 15 Posted September 15 Use Google Santa...my favorite. https://github.com/google/santa
Akito Ogushi Posted September 20 Posted September 20 And now that Sequoia is officially released, you can block the Sequoia installer by adding the following string to the array of “bundleid” section. (I checked in my test environment) <string>com.apple.InstallAssistant.macOSSequoia</string> 1
MrMorningstar Posted September 24 Posted September 24 I tried blocking with the same method and created the profile referencing OP and these instructions: https://techzone.omnissa.com/blog/blocking-unwanted-apps-managed-macos-devices-workspace-one-uem but the profile doesnt install on my test machine, any ideas?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now