Purpose: Creates a launch daemon and script on target Macs to erase and install or upgrade macOS. Allows the installing policy to finish in a few secconds and report complete rather than never finishing at all.

Eraseinstall or Upgrade macOS.zsh

#!/bin/zsh

:<<ABOUT_THIS_SCRIPT
-------------------------------------------------------------------------------

	Alert! This script will only work with Intel Macs. There is no secure automated
	locally-initiated way to trigger an update or upgrade for Apple Silicon Macs.
	Those require an MDM command be sent from their Mobile Device Management (MDM)
	server.
	
	Written by:William Smith
	Partner Program Manager
	Jamf
	[email protected]
	https://gist.github.com/8768a57f4354ee8cd5aff341b4984b3a
		
	Originally posted: April 28, 2022

	Purpose: Creates a launch daemon and script on target Macs to erase and install
	or upgrade macOS. Allows the installing policy to finish in a few secconds and
	report complete rather than never finishing at all.
	
	Instructions:
	
	1. Create a new script in Jamf Pro named "Erase-Install or Upgrade macOS".
	
	2. Paste the entire contents of this script as-is into the Script field.
	
	2. Under Options, set the following parameter labels:
	Parameter 4: macOS Name (e.g., 'Big Sur' or 'Monterey')
	Parameter 5: Organization Name (e.g., 'Talking Moose Industries')
	Parameter 6: Organization Reverse Domain (e.g., 'net.talkingmoose')
	Parameter 7: Action (e.g., '--eraseinstall' or leave empty)
	
	3. Add the script to a policy and set the three parameters.
	
	4. Enable the policy for Recurring Check-In Once Per Computer.
	
	5. Scope the policy to target Macs that meet the specifications to run the
	downloaded installer and exclude Macs that already have the installer downloaded.
	
	6. Jamf Pro customers: To update Jamf Pro as soon as the macOS is installed,
	add a new policy to update inventory at Startup.
	
	As soon as a computer checks-in and completes the policy, the launch daemon
	will start the startosinstall command, which may take 20-30 minutes to complete
	and restart the computer.

	Except where otherwise noted, this work is licensed under
	http://creativecommons.org/licenses/by/4.0/

	"My poor mother, like many othe slave women, had many children but no family."
	— Frederick Douglas
	
-------------------------------------------------------------------------------
ABOUT_THIS_SCRIPT


macOSName="$4" # (e.g., "Big Sur" or "Monterey")
organizationName="$5" # (e.g. "Talking Moose Industries")
organizationReverseDomain="$6" # (e.g. "net.talkingmoose")
action="$7" # (e.g. "--eraseinstall" or leave empty)

# create organization folder if necessary to house the script

/bin/mkdir -p "/Library/$organizationName"

# create run-startosintall.zsh script

tee /Library/$organizationName/run-startosinstall.zsh << EOF
#!/bin/zsh

# run the installer
"/Applications/Install macOS $macOSName.app/Contents/Resources/startosinstall" --agreetolicense --forcequitapps $action

exit 0
EOF

# report to policy whether script was created

if [ $? = 0 ]; then
	echo "Creating script at \"/Library/$organizationName/run-startosinstall.zsh\""
else
	echo "Failed creating script at \"/Library/$organizationName/run-startosinstall.zsh\""
fi

# set correct ownership and permissions on run-startosinstall.zsh script

/usr/sbin/chown root:wheel "/Library/$organizationName/run-startosinstall.zsh" && /bin/chmod +x "/Library/$organizationName/run-startosinstall.zsh"

# report to policy whether ownership and permissions were set

if [ $? = 0 ]; then
	echo "Setting correct ownership and permissions on \"/Library/$organizationName/run-startosinstall.zsh\" script"
else
	echo "Failed setting correct ownership and permissions on\"/Library/$organizationName/run-startosinstall.zsh\" script"
fi

# create $organizationReverseDomain.fetch-full-installer.plist launch daemon

tee /Library/LaunchDaemons/$organizationReverseDomain.run-startosinstall.plist << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>EnvironmentVariables</key>
	<dict>
		<key>PATH</key>
		<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
	</dict>
	<key>Label</key>
	<string>$organizationReverseDomain.run-startosinstall</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/zsh</string>
		<string>-c</string>
		<string>"/Library/$organizationName/run-startosinstall.zsh"</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>
EOF

# report to policy whether plist was created

if [ $? = 0 ]; then
	echo "Creating launch daemon at /Library/LaunchDaemons/$organizationReverseDomain.run-startosinstall.plist"
else
	echo "Failed creating launch daemon at /Library/LaunchDaemons/$organizationReverseDomain.run-startosinstall.plist"
fi

# set correct ownership and permissions on launch daemon

/usr/sbin/chown root:wheel /Library/LaunchDaemons/$organizationReverseDomain.run-startosinstall.plist && /bin/chmod 644 /Library/LaunchDaemons/$organizationReverseDomain.run-startosinstall.plist

# report to policy whether ownership and permissions were set

if [ $? = 0 ]; then
	echo "Setting correct ownership and permissions on launch daemon"
else
	echo "Failed setting correct ownership and permissions on launch daemon"
fi

# start launch daemon after installation

/bin/launchctl bootstrap system /Library/LaunchDaemons/$organizationReverseDomain.run-startosinstall.plist && /bin/launchctl start /Library/LaunchDaemons/$organizationReverseDomain.run-startosinstall.plist

# report to policy whether launch daemon was started

if [ $? = 3 ]; then
	echo "Starting launch daemon"
else
	echo "Failed starting launch daemon"
fi

exit 0

Don't Forget to add a policy to remove it once you are done :)

Don't Forget to add a policy to remove it once you are done :)

The erase should take care of that. 😉 But good point to mention the original policy should be scoped only to a smart group that identifies computers that should be erased not scoped to computers directly or other groups.

For upgrades, yes, a policy to remove these files does make sense.