Not sure if this is possible anymore, but is there a script/command to use to allow an app for Accessibility? Trying to see if this is possible since our lab machines do not allow admin access.
No, I don't think that will work either. It's stored in a sqlite database, not a regular plist file or other simple setting first off. Second, the location where it lives is protected by SIP if I'm not mistaken, which is the main problem and why it can't be changed. So, sadly, managing this programmatically is no longer an option.
@gmusland If the Macs are on High Sierra, then none of these PPPC approval profiles apply to your org's situation. Anything that is giving you an accessibility pop-up would have to be approved manually by the user in High Sierra (or earlier).
Not sure what you mean here:
There is a BLOCKED KERNEL in JamfNation.com - not sure if this is the "lead" or if it is going in another direction.
I would like to bump this as it was the best solution I found with the current WFH craze and people using Zoom for Remote Control support.
I followed the link from @corey.coles https://github.com/jamf/PPPC-Utility/releases, used this utility to add the Zoom application and Allow Accessibility. Once this was distributed via Jamf Pro, as stated, the box was not checked, but I was able to remote control another device without them needing to allow the accessibility.
I think we can all agree that Apple has made a mess of managing this.
From day one they have had deaf ears to the simplest of solutions - separate Security and Privacy into separate prefpanes. It’s only gotten worse from there.
It’s honestly one of the reasons we have been advocating in my organization to migrate off Macs to Windows. There are so many things I as an administrator cannot manage on my Macs in my enterprise, and any successful workarounds, hacks, scripts et centers that we depend upon may stop working with the next update. It’s terribly frustrating that it has become harder to manage Apple devices at the same time that managing Windows and Chromebooks has become so much simpler.
The fact that Apple doesn’t even provide tools for this shows how little they care about the enterprise environment. In a way I cannot wait for Apple to ship ARM-based Macs as that will certainly kill off their value proposition for many enterprises.
I cannot believe THIS is how I have to manage user settings on macOS! PPPC shouldn’t even be a thing. Sigh.
It's not so bad when you can manage it via a Config Profile (yes it's more work but it's manageable) - the real bugbear is that you can only half manage it.
eg: Zoom we can deploy a config profile to enable Zoom in the Accessibility pane so that we can remotely control a device (and not give the end user admin rights to enable that function) however as soon as they want to share screen they are prompted to open System Preferences and check the box next to 'allow screen recording' (which doesn't require admin rights) as we can't add that entry to the config profile!
Same with Microsoft Teams.
Then you get on to video editing... Camtasia - do you want to allow access to Microphone? Yes. Webcam? Yes. Screen Recording? Yes. Files and Folders? Yes. Network Drive? Yes. Out of all that there's only 1 option we can control with a config profile.
Then there's the Notifications....
I'm in the process of deploying VNC Server to 77 iMacs so we can have half or more of the class remote in from their iPad.
VNC Server Needs Accessibility Checked to function. Cannot be done by a Standard User.
I've tried doing it with PPPC Utility - Does anyone have the Code Requirement.
I get the security risks with being able to invoke Screen Sharing/KVM access remotely but these are DEP configured Macs why is this 'feature' still broken?
If there isn't a fix for this I'm going to have to do it manually on each device using ARD or similar.