NoMAD Welcome and Give Custom App Access to Finder

jared_f
Valued Contributor

Hi All,

We have installed NoMAD and this welcome pop up comes up for every logged in user. Is there a custom configuration profile to suppress this behavior? In addition, is it possible to allow an automator custom workflow (saved as a .app) to run automatically with finder permissions.

c0443a387f7b43739023df14b3ea958d

Thanks,
Jared

2 ACCEPTED SOLUTIONS

mm2270
Legendary Contributor III

Looks like folks above have answered the question regarding that interaction prompt.

As for the NoMAD pop up, yes, a Config Profile will allow you to turn that off for all clients. Technically it can be done with a global defaults write command to a plist in the /Library/Preferences/ location, but you should use a Config Profile.

Take a look at this page for all the NoMAD settings: https://nomad.menu/help/preferences-and-what-they-do/ The one you want for that is DontShowWelcome which will accept a boolean value of true to turn it off.

View solution in original post

mike_paul
Contributor III
Contributor III

@jared_f, what version of Jamf are you using?

Since you built this .app yourself I imagine you didnt sign it with a developer certificate which would give it a code signing requirement, which is a needed thing to be able to whitelist it using the PPPC profiles. The PPPC Utility wont allow the selection of an app without a code signature. You can confirm this by running the following:

codesign -dr - /path/to/customName.app

If it does not have a code signature it would return "/Applications/customName.app: code object is not signed at all"

We dont really have moderators per se but I will work on getting some more profiles uploaded to https://github.com/jamf/JamfPrivacyPreferencePolicyControlProfiles which already has a pre-built profile to whitelist Jamf Binary, agent and jamf.app via the AppleEvents key to SystemEvents, SystemUIServer and Finder.

We did not build one for Microsoft office since that was not our product and I also dont have it installed just to give you the needed values. But you can run that above command and get that yourself.

Unfortunately I dont know if we could ever cover all the apps out there that would cause prompts as many apps are unique to environments. I hope to have some more scripts added to that jamf GitHub soon that will help with the collecting of these values in your environment and also means to report on ones that have already prompted your end users.

View solution in original post

10 REPLIES 10

tthurman
Contributor III

Looks like a TCC. You might need to whitelist that application for access to Finder in your TCC Profile for 10.14 devices.

Regards,
TJ

jhalvorson
Valued Contributor

I believe your seeing the pop up from Mojave's Privacy Preferences Policy Control. You could create a custom configuration profile using https://github.com/erikberglund/ProfileCreator

Just_Jack
Contributor

To any Jamf moderator reading this.
Can you create a KB with a list of Mojave's PPPCs?
Something like:

JamfAgent / MicrosoftAutoUpdate
JamfAgent / System Events
MountDrives / Finder

This way we can can go through that list and use your PPPC-Util.
And we can be ahead of the game instead of wonder what the next PPPC pop-up window will be.

mm2270
Legendary Contributor III

Looks like folks above have answered the question regarding that interaction prompt.

As for the NoMAD pop up, yes, a Config Profile will allow you to turn that off for all clients. Technically it can be done with a global defaults write command to a plist in the /Library/Preferences/ location, but you should use a Config Profile.

Take a look at this page for all the NoMAD settings: https://nomad.menu/help/preferences-and-what-they-do/ The one you want for that is DontShowWelcome which will accept a boolean value of true to turn it off.

jared_f
Valued Contributor

Thanks all. I have tried the PPPC utility and it won’t allow me to even add the app. Any ideas/workarounds to this are must appreciated.

mike_paul
Contributor III
Contributor III

@jared_f, what version of Jamf are you using?

Since you built this .app yourself I imagine you didnt sign it with a developer certificate which would give it a code signing requirement, which is a needed thing to be able to whitelist it using the PPPC profiles. The PPPC Utility wont allow the selection of an app without a code signature. You can confirm this by running the following:

codesign -dr - /path/to/customName.app

If it does not have a code signature it would return "/Applications/customName.app: code object is not signed at all"

We dont really have moderators per se but I will work on getting some more profiles uploaded to https://github.com/jamf/JamfPrivacyPreferencePolicyControlProfiles which already has a pre-built profile to whitelist Jamf Binary, agent and jamf.app via the AppleEvents key to SystemEvents, SystemUIServer and Finder.

We did not build one for Microsoft office since that was not our product and I also dont have it installed just to give you the needed values. But you can run that above command and get that yourself.

Unfortunately I dont know if we could ever cover all the apps out there that would cause prompts as many apps are unique to environments. I hope to have some more scripts added to that jamf GitHub soon that will help with the collecting of these values in your environment and also means to report on ones that have already prompted your end users.

jared_f
Valued Contributor

Thank you @mike.paul, it was not signed so I just re-exported the app and signed with a self sign AC2 certificate. When I have some time, I will make sure to do it properly.

szultzie
Contributor II

So unrelated to NoMAD, but i have a custom app i signed manually using a local codesigning certificate, and it still doesn't allow me to open it up in PPPC Utility

Any ideas?

mike_paul
Contributor III
Contributor III

@szultzie , this would likely make more sense in a different post but what does the codesign command posted above give you as a result?

achristoforatos
Contributor II

Anyone figure out how to suppress the welcome window?