macOS Ventura blocking


Josh Levitsky

  • Moderators

Just curious if folks have been looking at how to block Ventura upgrades from earlier OS versions?

This is on GitHub: https://github.com/Theile/venturablocker

In the FW KB: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329971/macOS+-+Block+Apple+Install+macOS+Application

The FileWave KB article worked for Monterey, Big Sur and prior. I haven't been able to test it for Ventura but wanted to get a thread going so people could consider if you are going to block it, and how you are going to block it if you know you have certain apps that aren't yet compatible since it's just around the corner. 


Josh Levitsky
This post was recognized by Josh Levitsky!

mbrownktx was awarded the badge 'Helpful' and 5 points.

I can confirm the configuration in the second link above is working in our environment with the appropriate tweak to the "MinimumBlockedVersion" key (set to 18, the version number corresponding to Ventura) in the "com.filewave.blockmacosinstaller_user.plist" file.


  • Moderators
2 hours ago, Damjan Gruicic said:

Thank you for the good script, it works fine for me too, but it goes on to start the Installer a second time when you leave the "Blocked Installation" window up. So if you click "OK" on "An error.." and start the Installer again, it does go on to upgrade to Ventura.

Thanks for mentioning that. I'll have to take a look at whether there's a way to avoid the persistent person who launches it, leaves the dialog up, and launches again. We can look to improve that.


I've also tested the GitHub package above and it's worked on all the Macs I've tested it on. I have also altered the provided uninstaller script to work with the Ventura blocker; it seems it wasn't updated from the Big Sur one. After running, it allows the Ventura installer to run on the Macs I've tested it on.

 

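    # Find the UID of the user logged in at the console (ignoring the login window)
    current_user_uid=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/UID :/ && ! /loginwindow/ { print $3 }' )

    # Unload the blocker's LaunchAgent from that user's GUI session
    launchd_item_path="/Library/LaunchAgents/dk.envo-it.venturablocker.plist"
    launchctl bootout "gui/${current_user_uid}" "${launchd_item_path}"

    # Remove the LaunchAgent and the blocker binary
    rm -f /Library/LaunchAgents/dk.envo-it.venturablocker.plist
    rm -f /usr/local/bin/venturablocker

    # Forget the package receipt
    pkgutil --forget dk.envo-it.venturablocker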

Edited by Jimmy Stearns
Deleted the emoji it auto added

  • 2 months later...

This fileset allows you to block the initial install attempt. However, if the user revisits System Preferences -> Software Update -> Update, they are able to install Ventura.

They are not presented with another notification from Pashua.app.


I already have an updated version that is due to be posted, but if the script doesn't act as expected, then it is likely it hasn't set the count and so the Custom Field is just a victim.

Hopefully it will be live soon.


@Sean, is there a reason why you choose to use both a launch agent and a launch daemon? (The previous fileset only used a launch agent.)

Also, the Watch Paths key got stripped from the new/revised .plist. (Was that intentional?)

 

Finally, I also wanted to highlight the changes to the kill_macos_major_update.sh file. (In case anyone was wondering "what changed".)


Yes, two separate launch items. Users are able to disable LaunchAgents, but it has always required shell command knowledge, but it is generally easier to do user interaction with an Agent rather than a Daemon. However, with Ventura, LaunchAgents are just viewed in System Preferences and you can just tick a box to turn them off or on.

Hence, Launch Daemon does the killing of the App, user can't disable that (unless they are Admin), Launch Agent informs the user; if they want to turn that off, so be it.

As such, everything has been changed to adapt to this new setup.

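The enforcement half of the agent/daemon split described in the post above, as an added example that is not the FileWave fileset's or venturablocker's own code: a root-side decision function that selects every running installer at or above the blocked major version on each pass, whatever the state of the user dialog. The input format (pid, installer version, executable path), the function names, the installer path pattern and the fail-closed handling of unparseable versions are assumptions; 18 is the Ventura value given earlier in the thread.

```shell
#!/bin/sh
# Added example: not the FileWave fileset's or venturablocker's own code.
# Input format, function names and fail-closed behaviour are assumptions.

# Print the major number of an installer version such as "18.1.02";
# return 1 when the string is empty or not dotted-numeric.
installer_major() {
    case "$1" in
        ''|.*|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "${1%%.*}"
}

# Exit 0 when the installer must be blocked: major >= minimum.
# An unparseable version is treated as blocked (fail closed).
should_block() {
    major=$(installer_major "$1") || return 0
    [ "$major" -ge "$2" ]
}

# Read "pid version executable-path" lines on stdin and print every pid
# that belongs to a macOS installer app at or above the minimum.
# Every matching process is listed on every pass, so a second launch
# while a dialog is still open is selected as well.
pids_to_kill() {
    min=$1
    while read -r pid version path; do
        case "$path" in
            "/Applications/Install macOS "*.app/*) ;;   # assumed install location
            *) continue ;;
        esac
        if should_block "$version" "$min"; then
            printf '%s\n' "$pid"
        fi
    done
}

# Constructed sample input; 18 is the Ventura value from the thread.
pids_to_kill 18 <<'EOF'
501 18.1.02 /Applications/Install macOS Ventura.app/Contents/MacOS/InstallAssistant
502 17.6.11 /Applications/Install macOS Monterey.app/Contents/MacOS/InstallAssistant
503 16.5 /Applications/Safari.app/Contents/MacOS/Safari
504 unknown /Applications/Install macOS Ventura.app/Contents/MacOS/InstallAssistant
EOF
```

This checks only the installer app; the System Preferences -> Software Update path reported earlier in the thread is outside what it covers.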
