On October 7, 2019, Apple released their latest operating system, Catalina. While many users are eager to run the newest version of macOS on their Macbooks, IT admins know that there is reason for caution. Zero day security vulnerabilities and lost functionality have followed Apple OS upgrades in the past – leaving IT teams working overtime to compensate. Below, we’ll explain below how it’s possible to prevent your users from upgrading to macOS Catalina programmatically and at scale, using JumpCloud Directory-as-a-Service.
Note: If you don’t have Directory-as-a-Service currently, you can get a free account here, no credit card required.
How to Prevent Users from Upgrading to macOS Catalina
You can use Commands and the JumpCloud PowerShell Module to prevent users from updating their operating system to Catalina. This command will make the software update system preference pane ignore the macOS Catalina installation media. You can revert this command at any time by running another command (also explained in the documentation).
JumpCloud’s Commands feature lets you run commands using a number of languages, including PowerShell, Bash, and Shell. Commands can be executed across any number of systems (Windows / Mac / Linux) or System Groups. Visit our Getting Started with Commands documentation to understand how to use this feature and see our Commands Gallery for a list of commonly used Commands.
Why Block Users from Upgrading to Catalina?
The simple answer is that OS upgrades can come with unintended consequences and they’re also fairly permanent. While Apple tests all of their new operating systems thoroughly, it’s impossible to catch every issue, every time. The two principle reasons to hold off on allowing users to upgrade are as follows:
- Security: Zero days are opportunities for both hackers and bug bounty hunters around the world to test brand-new software for security vulnerabilities. By waiting a few days or weeks before upgrading, your organization can avoid the majority of these security threats. A point release to address security issues is often a fast follow to a major release.
- Functionality: Users will expect everything to work exactly as it did before, only better. Unfortunately that’s not always the case. In the case of macOS Catalina, Apple has already announced that its latest OS will not support 32-bit apps (in favor of 64-bit). If your organization is still leveraging this type of application, then upgrading your OS will render these apps defunct.
The immediate benefits of a new operating system rarely outweigh the risks. Ultimately, you’ll likely want all of your users to upgrade to Catalina for better UX and security – but it’s smart to let Apple and the cybersecurity community work out any flaws in the system before installing and updating.
macOS System Management, At Scale
The ability to prevent users from upgrading to macOS Catalina is just a small example of how JumpCloud is helping IT organizations gain better control over their systems. Our Directory-as-a-Service platform gives admins a unified web console to manage Mac, Linux, and Windows systems at scale. In addition to Commands and the PowerShell Module, JumpCloud offers readymade, point-and-click Policies for streamlined administration.