PPPC for Wacom drivers (again)

Hi, I'm working on this for macOS 11.5.2 in our labs.  We have M1's arriving this year.

What Wacom support didn't tell you is that now under macOS 11, PPPC Input Monitoring now supports 'Allow standard users to approve access'.  Selecting this option (in the Jamf PPPC Utility) will add the Wacomtabletdriver.app and Firmwareupdate.app to the Input Monitoring section of Security & Privacy.  It will also stop the annoying prompt to add the driver from being displayed on every login or every 15 seconds.  If your lab users don't have admin rights, they can tick the driver in 'Security & Privacy / Input Monitoring' without being prompted for an Admin username & password.  The tablet should still work without ticking 'input monitoring from the keyboard', that was my observation last year using the Intuos4 tablet.  But students will be able to tick it if they so wish.  And once one does, it will be ticked for all users of the device.

I'm using the latest version of the PPPC Utility 1.4.0 to create the mobileconfig file.  There's a bug in Jamf Pro that when you upload the file, it sets every Authorise setting to - Allow standard users to Approve Access - instead of just - 'Allow'.  This will result in a failed profile deployment / install.  You have to manually set all the settings back to 'Allow' in Jamf Pro before saving and deploying the file.  Keep the input monitoring setting as 'Allow standard users to Approve Access'.  This is as far as I have gotten.  I haven't worked on getting the Wacom Desktop Center app from auto starting but I have gotten rid of that annoying driver popup and all the launch agents/daemons are still in place.

(Also don't quote me on this but Kext approval shouldn't be required under macOS 11 if the software has been updated by the vendor.  Legacy kexts are dead.  System Extensions, Security Extensions and Network Extensions seem to be the new thing.)

Below is the mobile config file I'm testing for this year.

The new key under macOS 11 is:

Thank you, that worked perfectly. 

Hi, I'm working on this for macOS 11.5.2 in our labs.  We have M1's arriving this year.

What Wacom support didn't tell you is that now under macOS 11, PPPC Input Monitoring now supports 'Allow standard users to approve access'.  Selecting this option (in the Jamf PPPC Utility) will add the Wacomtabletdriver.app and Firmwareupdate.app to the Input Monitoring section of Security & Privacy.  It will also stop the annoying prompt to add the driver from being displayed on every login or every 15 seconds.  If your lab users don't have admin rights, they can tick the driver in 'Security & Privacy / Input Monitoring' without being prompted for an Admin username & password.  The tablet should still work without ticking 'input monitoring from the keyboard', that was my observation last year using the Intuos4 tablet.  But students will be able to tick it if they so wish.  And once one does, it will be ticked for all users of the device.

I'm using the latest version of the PPPC Utility 1.4.0 to create the mobileconfig file.  There's a bug in Jamf Pro that when you upload the file, it sets every Authorise setting to - Allow standard users to Approve Access - instead of just - 'Allow'.  This will result in a failed profile deployment / install.  You have to manually set all the settings back to 'Allow' in Jamf Pro before saving and deploying the file.  Keep the input monitoring setting as 'Allow standard users to Approve Access'.  This is as far as I have gotten.  I haven't worked on getting the Wacom Desktop Center app from auto starting but I have gotten rid of that annoying driver popup and all the launch agents/daemons are still in place.

(Also don't quote me on this but Kext approval shouldn't be required under macOS 11 if the software has been updated by the vendor.  Legacy kexts are dead.  System Extensions, Security Extensions and Network Extensions seem to be the new thing.)

Below is the mobile config file I'm testing for this year.

The new key under macOS 11 is:

THANK YOU for posting that!  It worked perfectly for me -- no more crazy popups during the Wacom Tablet Driver installation.  FYI this was tested on Big Sur 11.5.2 using the Wacom Tablet Driver v6.3.44-1.  It will be installed on about 150 iMacs for our school district's CTE department.

A few questions if you don't mind:

1. Where is com.wacomtablet.RemoveWacomTablet located on the machine?  I couldn't find it anywhere.
2. Is there a way to copy/paste the configuration profile you put in the thread directly into PPPC Utility, or into JAMF?  I couldn't figure out how, so I had to manually add all the apps and permissions into PPPC Utility, save that and upload it to JAMF, and then manually add the com.wacomtablet.RemoveWacomTablet permissions after uploading.  Surely there is an easier way.

Thanks again.  HUGE help.

Hi,

1. com.wacomtabelt.RemoveWacomTablet is actually the 'Wacom Tablet Utility.app' in the Wacom folder.

The bundle ID is what the Jamf PPPC utility picks up from the info.plist buried inside the app.

2. Yes you can simply copy and paste the text.

Start at the top line

<?xml version="1.0" encoding="UTF-8"?>

hold down your left mouse button.  Scroll all the way down to

</plist>

with your mouse button still held down until you have the whole thing highlighted in blue.  Then right click on the blue last line and copy to clipboard.

Then open a new text file in a programmers text editor such as BBEdit or Sublime Text.  Right click, paste.

Save the text file and give it a file extension of .mobileconfig

Now you can import it into the Jamf PPPC Utility or you can upload the file to Jamf Pro.

Sometimes Jamf Pro requires .mobileconfig files to be formated in a certain way, if so, it will tell you when you try to upload the command line you need to use to reformat the file.

Hi, I'm working on this for macOS 11.5.2 in our labs.  We have M1's arriving this year.

What Wacom support didn't tell you is that now under macOS 11, PPPC Input Monitoring now supports 'Allow standard users to approve access'.  Selecting this option (in the Jamf PPPC Utility) will add the Wacomtabletdriver.app and Firmwareupdate.app to the Input Monitoring section of Security & Privacy.  It will also stop the annoying prompt to add the driver from being displayed on every login or every 15 seconds.  If your lab users don't have admin rights, they can tick the driver in 'Security & Privacy / Input Monitoring' without being prompted for an Admin username & password.  The tablet should still work without ticking 'input monitoring from the keyboard', that was my observation last year using the Intuos4 tablet.  But students will be able to tick it if they so wish.  And once one does, it will be ticked for all users of the device.

I'm using the latest version of the PPPC Utility 1.4.0 to create the mobileconfig file.  There's a bug in Jamf Pro that when you upload the file, it sets every Authorise setting to - Allow standard users to Approve Access - instead of just - 'Allow'.  This will result in a failed profile deployment / install.  You have to manually set all the settings back to 'Allow' in Jamf Pro before saving and deploying the file.  Keep the input monitoring setting as 'Allow standard users to Approve Access'.  This is as far as I have gotten.  I haven't worked on getting the Wacom Desktop Center app from auto starting but I have gotten rid of that annoying driver popup and all the launch agents/daemons are still in place.

(Also don't quote me on this but Kext approval shouldn't be required under macOS 11 if the software has been updated by the vendor.  Legacy kexts are dead.  System Extensions, Security Extensions and Network Extensions seem to be the new thing.)

Below is the mobile config file I'm testing for this year.

The new key under macOS 11 is:

https://community.jamf.com/t5/jamf-pro/wacom-woes-lab-looking-for-pppc-for-long-term-relationship/m-p/264434/highlight/true#M243074

I contacted WACOM and they sent me an enterprise driver; It works great in my lab!
 +  no popups! 
 -  still need privileges to setup Apple input access, etc in settings..  That's an Apples security settings issue.

Please elaborate if you can... How did you contact WACOM for this, and how did you resolve input access settings?