Addigy provides its partners with a unique ability to prepare for major macOS upgrades carefully. In our Prebuilt Apps catalog, we publish items designed to block and suppress upgrades to new major versions of macOS. These upgrade blockers can serve as an important tool to give you the time you need to vet major macOS upgrades before your users apply them.
Before continuing
- The blocker is only capable of blocking upgrades initiated by the ".app" installers from Apple. An upgrade initiated outside of this OS upgrade .app will not be blocked.
- Apple can offer macOS upgrades outside of the .app installers via System Settings. If you want to hide this upgrade from users, consider configuring deferrals.
- Public Library entries will be versioned as (releaseCount.pblockVersion) starting with Block Install macOS Sonoma (1.12).
How the Blocker Works
- Addigy's proprietary utility prevents the blocked Install macOS (version).app from running by removing the app's ability to execute at any level.
- When the end user attempts to run the install app, they will be met with the native macOS warning that the app can’t be opened. No ticket or email alert will trigger in this event.
- In the case where the file permissions are granted and the app is opened simultaneously, the process of the install app is killed, a badge notification is presented to the user to explain the occurrence, and an email or ticket is sent to the Addigy partner according to their ticketing integrations or support email settings.
- Any blocked Install macOS (version).app or Beta app found on the device will be removed when the software runs as part of the policy, about every thirty minutes.
- Where possible, badge notifications from Apple that prompt the user to upgrade will be suppressed.
- Where possible, automatic download of macOS updates will be disabled.
- Where possible, automatic install of macOS updates will be disabled (except for critical updates).
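To confirm on a device the file-permission state described in the list above, the following added example (not Addigy's code) lists each Install macOS bundle in a directory and reports whether any file in its Contents/MacOS folder still carries an execute permission bit. The /Applications default and the Contents/MacOS check are assumptions about where the installer sits and how the permission change shows up; run it as root so the bundle contents are readable.

```shell
#!/bin/bash
# Added example (not Addigy's code): report whether installer bundles can launch.
# Assumptions: installers sit in /Applications (pass another directory as $1)
# and their launchable binaries are the regular files in Contents/MacOS.

# Prints "yes" if any execute bit (user, group or other) is set on the path.
has_exec_bit() {
    local mode
    mode=$(ls -Lld "$1" 2>/dev/null | cut -c2-10)
    case "$mode" in
        *[xst]*) echo "yes" ;;   # x, or setuid/setgid/sticky combined with x
        *)       echo "no" ;;
    esac
}

# Prints one line per bundle: "<name>|blocked", "<name>|launchable" or
# "<name>|no-binary" (nothing readable to check, e.g. not running as root).
audit_installers() {
    local dir="${1:-/Applications}" app bin state
    for app in "$dir"/Install\ macOS*.app; do
        [ -d "$app" ] || continue            # glob matched nothing
        state="no-binary"
        for bin in "$app"/Contents/MacOS/*; do
            [ -f "$bin" ] || continue
            if [ "$(has_exec_bit "$bin")" = "yes" ]; then
                state="launchable"           # one executable file is enough
            elif [ "$state" != "launchable" ]; then
                state="blocked"
            fi
        done
        echo "$(basename "$app")|$state"
    done
}

audit_installers "$@"
```

A "launchable" result on a device that should be blocked, or a bundle still present long after a policy run, is a cue to redeploy the policy and check again.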
Adding the Blocker to Your Policies
When you're ready to begin blocking a major OS upgrade, head over to the Software > Prebuilt Apps tab in the Catalog, then search "block install". Then, choose the version you wish to block.
Once you select the version you wish to block, you will be able to choose which policies you want to block the upgrades on.
After you've selected your policies, you can go to the settings and configure those. We recommend configuring it to "Latest and Auto-Update" and "Next Deployment".
Note: Given the nature of this utility, it is not something that we will need to update often, if at all. However, if we do need to update the blocker for any particular reason, users will not see any prompt to allow the update.
Now that you've configured the blocker, go ahead and click "Save", and it will automatically deploy on the next policy deployment (which happens around every 30 minutes on devices).
Removing the Blocker
When you are ready to remove this blocker, you can remove it by going to the same place where you assigned it to the desired policies. Simply uncheck the policy you wish to stop blocking, and click Save.
When a blocker is removed from a policy, it may take up to thirty minutes for the device to remove all the pieces of the blocker. To speed up the process, you can simply deploy the policy.
Note: When the blocker is removed, any lingering settings applied to System Updates will not be reverted. For example, if you have deferrals via the Restrictions Device Setting, those will remain in place.
If you have removed the blocker and you have verified the update is still being blocked, please run the script below to verify if the pblock is active:
#!/bin/bash
# Pull the blocker identifier out of the running pblock process's command line (empty if none is running)
runningBlocker=$(ps aux | grep -v grep | grep pblock | awk -F '-f' '{print $2}' | awk -F '-' '{print $2}')
if [[ -z "$runningBlocker" ]]; then
    echo "No Blocker Installed"
else
    echo "$runningBlocker"
fi
If the script states there is a version of that blocker still running, we suggest copying the removal script from the Prebuilt App details window and running that via saved script on the necessary devices. If you have any questions or concerns about this process, please reach out to Addigy Support for further assistance.