Our organization is needing to push out Panopto Recorder to 1000+ machines. The installer already has some issues that I've been able to address, but I could use some help on this last piece. Some of the problems with this installer, it can only be run while a user is logged in. I'm working around this by running a script at check-in to see if a user is logged in, and calling the install policy if someone is. This script does work on Sierra and High Sierra. My problem now is that the installer is doing some weird things that require allowing Installer to administer networking and system settings when installing manually.
With a PPPC profile that's allowing everything to installer, terminal, jamf, jamfagent, and jamf management I'm able to get the installer to run successfully, if run through Self Service or through running sudo jamf policy through a local terminal session. But no dice on letting the policy run on a natural check-in, running sudo jamf policy over an ssh session, or through Jamf Remote. I've tried giving launchd and sshd full access to see if that helped, and it hasn't. Does anyone have an idea on allowing some other process access to what it needs?
Side note: I plan to lock down the PPPC profile, and remove excess permissions, once I get working what I can. The shotgun approach is just to get myself started. The profile is also un-scoped from a machine once Panopto is installed.
Any help is appreciated.
