AutoCAD 2021 Folder permission

rm2930
New Contributor

Long story short, when AutoCAD is deployed via Self Service it completed. When I run a pop up asking for permissions for ~/Library/Autodesk on the profile that I run the installer on. I remedy this by giving read and write access to that specific profile. Once done AutoCAD runs along with other profiles. My questions is, can I run a script that gives everyone read and write access to that folder and link it to self service as an extra step in the deployment process? I keep looking but see that it's on a per user profile basis.

7 REPLIES 7

AntMac
Contributor II

Would highly recommend using a configuration profile for this. You can set all folder permissions needed in a PPPC payload with the permissions set a computer level for users. 

We use this for Creative Cloud and it has been working really well.  

rm2930
New Contributor

Would you mind sharing how you went about that?

AntMac
Contributor II

Sure can and hopefully this is of help to you. Also to clarify on your original question as well, yes you can have another script running in the same policy as your application deployment. Would need to  make sure you set the script priority in the order you wish to run ie before and after. Alternatively if you need the script to run separately you could make use of a smart group that has criteria of checking Autodesk is installed. That could get a little messy if your script needs to run at the user level though. 

So there are 2 ways you can do the PPPC. Originally  I was manually obtaining bundle ID etc from terminal command line. I now use the PPPC utility as it takes a lot of the work out of it. 

Install the PPPC Utility on a test unit
Install the the application you need to set the permissions for 

Open PPPC utility 
Drag and drop the application into PPPC (this populates bundle info and permission options)

Set your permissions

Save file

Import to your JAMF instance

Example for AutoCAD 2022, keeping in mind I have not tried this out specifically for autoCAD. It may take a bit of trial and error with the keys to get exactly what you need. 

Org

com.autodesk.AutoCAD2022

Bundle ID

identifier "com.autodesk.AutoCAD2022" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = XXKJ396S2Y

Level

Computer

Properties

Admin Files Allow

Desktop Folder Allow 

Documents folder Allow -  this one 100% is needed

Full disk access Allow (you may not need this one but on most cad products it does prompt)

Post Events Allow

rm2930
New Contributor

I really appreciate the detailed explanation. However, I tried it and that did not resolve the issue. It has to do with the local profile that PKG is deploying to. When installed on that profile the message pops up but on others it does not. I guess I can try contacting Autodesk and see if there's a command that can push that access to all users. Thanks again for the help.

AntMac
Contributor II

Sorry to hear this did not help. Does seem odd it’s only the logged in account that installed the software is affected. Hopefully Autodesk have a solution for you.

Out of interest how are you deploying it? Are you using something like these scripts for deployment? I ask as we will be needing to do new versions AutoCAD for Mac soon too. Windows versions with the new changes for this year have held us up. 

rm2930
New Contributor

Is there a script that will allow permission without giving it to everyone? Like it should automatically give the current user read and write instead of giving it to everyone. Since it affects the profile that AutoCAD is installed on. But once the permission for that specific user is given then you can open AutoCAD for all users.

nicholi
New Contributor III

I ran into this issue last week.  I don't know if you already found a solution but this is what I added in the install script.

sudo chown -R $USER /Users/$USER/Library/Application\ Support/Autodesk

This will make the currently log in user the owner of the folder.  You wouldn't want to give everyone read/write access to this folder as it's in the user home directory.