Skip to main content

Hello Everyone,



We have been using the PPPC utility to build the PPPC configuration profiles for a while now. Today however, even though I have created the PPPC configuration profile for the Wacom Springboard Driver, I still have to check the box to accept the profile under the privacy system preference. I had thought the entire point of doing this step via Jamf Pro and the PPPC utility is to eliminate this.



I could be missing something. Just curious if anyone else has seen this where the privacy setting is installed on a client but the checkbox has to be checked for this to work.



Thoughts and advice are most welcome, thank you!

I had similar issues with the latest Wacom update but need to do some more testing. I followed the recommendations on Wacom's website and configured it with the guidlines for the manual install. Not sure how to approve "Automation" though.(https://www.wacom.com/en-us/support?linkId=57350690&guideTitle=Is-there-a-compatible-driver-for-Mac-OS-10.14-Mojave%3F&guideId=014-001)

For the Wacom Tablet Driver I have the following:



Part of the PPPC Profile, Allow access to Accessibility



Part of the Pre-Approved Kernel Extension Profile
Display Name: Wacom Technology Corp.
Team ID: EG27766DY7



Deployment is to copy the pkg to the machine then run a script to install it from the machine
installer -pkg "/tmp/Install Wacom Tablet.pkg" -target /

The settings in PPPC configuration profiles are not reflected in what you see under System Preferences > Security & Privacy > Privacy. Deploy your profile and test. Ignore what you see under that tab.

Thanks @talkingmoose, I appreciate it. I wasn't seeing anything under the tab and things were working fine last year with High Sierra. Mojave should behave similarly in this regard, but we needed an updated driver. As always, testing is required. It's been a while since I had set this up.

Hi Folks, trying to figure this out as this is the first time I've had to deploy Wacom in Mojave and instantly a student found they needed an admin password to change something under Security, Accessibility in order for the tablet (or pen) to work correctly. The installer part is very clear. What isn't clear is how to setup a Configuration Profile and what to put into the Privacy Preferences Policy Control form which has these fields: App Access: Identifier, Identifier Type (Bundle ID or Path), Code Requirement (required) and a checkbox "Validate the Static Code Requirement".



In other words I'm new to PPPC configuration profiles. There's also this article on Wacom which isn't very illuminating:



https://www.wacom.com/en-us/support?linkId=57350690&guideTitle=Is-there-a-compatible-driver-for-Mac-OS-10.14-Mojave%3F&guideId=014-001

@endor-moon I was in the same boat. I stick to using Jamf's PPPC-Utility to grant the privileges I need. On a test computer, after plugging in a Wacom and using the stylus and being prompted to accept what I need to accept, I verify which app or binary I should be dragging into PPPC by looking at the list in Security & Privacy. Then drag it into the PPPC Utility app, set the permissions I want to grant, and use the PPPC-Utility to upload the config profile directly to my Jamf Pro server.



In the case of Wacom, I'll then goto that uploaded profile and add the kernel extension whitelisting to the same profile.

Thanks @adamcodega , I will give it a shot. It's tempting just to go back to macOS Sierra but that's not really practical. ;)

never mind. delete this stupid post of mine.

+1 virtual beer for someone who could kindly share it!
Thank you!

We have had a ton of issues with accepting kernel extensions in Mojave, Wacom drivers being one of the worst offenders. Our issue was Trend Micro security using a out of date agent. Once we updated our TM server and it pushed the new agent those issues has been minimal. So it could be something like that getting in the way of the acceptance.

@carlo.anselmi I could use a beer today!



Here is what I've been using in Mojave for the Wacom touch driver.



Here is the identifier, if you want to copy and paste into your Payload.



identifier "com.wacom.WacomTouchDriver" and anchor apple generic and certificate leaf[subject.CN] = "Mac Developer: Carl MacDonald (33BE3E9G7X)" and certificate 1[field.1.2.840.113635.100.6.2.1] / exists /

QuotedText


{/quote}

l@jleomcdo
Sorry for the late reply, missed yours! Weird but if I try to distribute your configuration profile, it fails on each computer in scope...

@carlo.anselmi I plugged it into the PPPC Utility and got a slightly different identifier.
Try



anchor apple generic and identifier "com.wacom.WacomTouchDriver" and (certificate leaf[field.1.2.840.113635.100.6.1.9] / exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = EG27766DY7)

@sdunbar Yes, that's it!
Thank you!

Can someone export there configuration profile they are using to allow wascom tablets. This article doesn't show how its being done.
Thanks!

@pranzinic
Try this one



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

    <key>PayloadContent</key>

    <array>

        <dict>

            <key>PayloadDescription</key>

            <string>PPC Wacom Tablet Accessibility</string>

            <key>PayloadDisplayName</key>

            <string>Wacom Tablet Accessibility</string>

            <key>PayloadEnabled</key>

            <true/>

            <key>PayloadIdentifier</key>

            <string>03287C22-1A78-4C7B-A6D6-865D67F01B52</string>

            <key>PayloadOrganization</key>

            <string>MyOrganization</string>

            <key>PayloadType</key>

            <string>com.apple.TCC.configuration-profile-policy</string>

            <key>PayloadUUID</key>

            <string>D529965F-4D3B-42AC-8B19-05343F1981BE</string>

            <key>PayloadVersion</key>

            <integer>1</integer>

            <key>Services</key>

            <dict>

                <key>Accessibility</key>

                <array>

                    <dict>

                        <key>Allowed</key>

                        <integer>1</integer>

                        <key>CodeRequirement</key>

                        <string>identifier "com.wacom.wacomtablet" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EG27766DY7</string>

                        <key>Identifier</key>

                        <string>com.wacom.wacomtablet</string>

                        <key>IdentifierType</key>

                        <string>bundleID</string>

                        <key>StaticCode</key>

                        <integer>0</integer>

                    </dict>

                    <dict>

                        <key>Allowed</key>

                        <integer>1</integer>

                        <key>CodeRequirement</key>

                        <string>anchor apple generic and identifier "com.wacom.WacomTouchDriver" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EG27766DY7)</string>

                        <key>Identifier</key>

                        <string>com.wacom.WacomTouchDriver</string>

                        <key>IdentifierType</key>

                        <string>bundleID</string>

                        <key>StaticCode</key>

                        <integer>0</integer>

                    </dict>

                </array>

            </dict>

        </dict>

    </array>

    <key>PayloadDescription</key>

    <string></string>

    <key>PayloadDisplayName</key>

    <string>Wacom Tablet Accessibility</string>

    <key>PayloadEnabled</key>

    <true/>

    <key>PayloadIdentifier</key>

    <string>D4DDC983-ABA7-40CE-9FCB-17BCD1E8169D</string>

    <key>PayloadOrganization</key>

    <string>MyOrganization</string>

    <key>PayloadRemovalDisallowed</key>

    <true/>

    <key>PayloadScope</key>

    <string>System</string>

    <key>PayloadType</key>

    <string>com.apple.TCC.configuration-profile-policy</string>

    <key>PayloadUUID</key>

    <string>D4DDC983-ABA7-40CE-9FCB-17BCD1E8169D</string>

    <key>PayloadVersion</key>

    <integer>1</integer>

</dict>

</plist>

Responding to an old post, I need to do this in our Industrial Design lab for a bunch of big pen displays. Building with Catalina. Last year we just all went in to that lab and did it by hand like Wacom describes on their site (you would think they would have this under control by now). Will the above work for Catalina and the 6.3.40-2 version of their drivers? Thanks very much for any assistance anyone can provide on this.

Hi @thebrucecarter I posted a few days ago all the Catalina settings for Wacom software in this thread:
https://www.jamf.com/jamf-nation/discussions/32850/wacom-tablet-privacy-policy-preference-profile
See my replies to K.K.
3x PPPC config files for uploading to Jamf Pro and the Approved Kernel Extension TeamID and Bundle IDs as Wacom is still using old Kexts in their latest driver release. This is working for me on 10.15.6 and is being used in a Student computer lab.
The only thing you can't automate is the keyboard input monitor. Everything else can be configured via a PPPC file.

The driver has once again moved in Big Sur.  

 

  • Click on the desktop and press Command+Shift+G, open Finder, or click Go on the Menu Bar and select Go to Folder
  • Type: /Library/ PrivilegedHelperTools/ then press GO
  • Locate the com.wacom.IOManager.app

Reply


Terms & ConditionsCookie settings