Question

Automatically Reset Teams Camera and Microphone for User

5 years ago
March 31, 2020
5 replies
25 views

+9

shaquir
Contributor
154 replies

I wanted to share my method of ensuring Users have the Camera and Microphone enabled for Teams.

Background: As many of you may be aware, the Microphone and Camera TCC privacy options are only adjustable by Users. Some of our users were having issues with the Microphone or Camera for Skype for Business, (not allowing the permissions). I wrote out the following EA and Script to resolve this issue. As we transitioned to Teams, I have redeployed this script to our users.

Solution: I built this script to check for the current logged in User's TCC Camera and Microphone permission. If it see that the Camera or Microphone has been set to not allow, The script will:

1- Check if the app is open, and present the user an AppleScript alert that the app will close in 10 minutes

2- Reset the corresponding permission

(Please be aware that for machines running Mojave and below resetting a single Application's TCC bundle ids does not work properly so the entire microphone or camera TCC settings will be reset. If you have multiple apps that require TCC, please consider the necessity of this script.)

Extension Attribute:
Name: Disabled Microsoft user TCC Values
Script:

1#!/bin/bash
2#This script is created to report disabled Camera or Microphone Security and Privacy access within a logged in user's TCC preferences
3#Shaquir Tannis 3-15-2020
4# Get current logged in user
5loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
6
7# Get current logged in user's home directory
8[[ "$loggedInUser" ]] && loggedInUser_home="$(/usr/bin/dscl /Local/Default read /Users/"$loggedInUser" NFSHomeDirectory | /usr/bin/awk '{print $2}')"
9
10if [[ -z "$loggedInUser" ]]; then
11    exit
12elif [ "${loggedInUser}" != "itadmin" ] || [ "${loggedInUser}" != "root" ] || [ "${loggedInUser}" != "" ]; then
13    #Report 
14    disabledValues=$(/usr/bin/sqlite3 "$loggedInUser_home/Library/Application Support/com.apple.TCC/TCC.db" 'SELECT service, client FROM access WHERE allowed = '0'' | grep "com.microsoft")
15
16    IFS=" "
17    echo "<result>$disabledValues</result>"
18fi

Smart Group:
Name: Teams Webcam or Microphone Disabled

Criteria:
Disabled Microsoft user TCC Values is not <Leave Blank>
And (
Disabled Microsoft user TCC Values like kTCCServiceCamera|com.microsoft.teams
Or
Disabled Microsoft user TCC Values like kTCCServiceMicrophone|com.microsoft.teams
)

Policy:
Name: Fix Teams Microphone or Camera
Frequency: Once every day
Trigger: Check-in
Scope: Teams Webcam or Microphone Disabled
Script: https://github.com/shaquir/ShellScript/blob/master/Reset_Teams_TCC_Camera_or_Microphone.sh

J

+14

jhuls
Valued Contributor
345 replies
5 years ago
April 1, 2020

Interesting approach. Thanks for sharing.

D

+6

djrory
Contributor
73 replies
5 years ago
June 17, 2020

This is very handy, thanks!

D

+6

djrory
Contributor
73 replies
5 years ago
June 19, 2020

Did I miss a step? Seems like AppleScript needs permission to post events?

Executing Policy Fix Teams Microphone or Camera Running script Reset Teams TCC Camera or Microphone... Script exit code: 0 Script result: macOS version is 10.14 so all TCC Microphone or Camera values will be reset Microsoft Teams is running. Will prompt user for permission to close 337:454: execution error: Not authorised to send Apple events to Finder. (-1743) Prompt has completed Closing Microsoft Teams Camera permission reset Re-opening Microsoft Teams

S

+9

shaquir
Author
Contributor
154 replies
5 years ago
June 24, 2020

Hi @djrory,
Jamf has a PPPC whitelist for Apple events on their Github: JamfAppleEvents.mobileconfig
Some more detailed info around this can be found Creating Privacy Preferences Policy Control profiles for macOS.

Alternatively, you could change the AppleScript dialog to use jamfhelper for the dialog prompt. The jamfhelper is natively whitelisted through Jamf.

+7

A-bomb
Contributor
58 replies
4 years ago
August 12, 2021

This is really great @shaquir I am getting an error though. Also are you using this with macOS 11? I would guess it can just be edited to 5 instead go 15 and 11 instead of 10. Please advise about both if you can help.

Script result:
macOS version is 10.5 so all TCC Microphone or Camera values will be reset
Error: no such column: allowed
Permissions Okay

I wanted to share my method of ensuring Users have the Camera and Microphone enabled for Teams.

Background: As many of you may be aware, the Microphone and Camera TCC privacy options are only adjustable by Users. Some of our users were having issues with the Microphone or Camera for Skype for Business, (not allowing the permissions). I wrote out the following EA and Script to resolve this issue. As we transitioned to Teams, I have redeployed this script to our users.

Solution: I built this script to check for the current logged in User's TCC Camera and Microphone permission. If it see that the Camera or Microphone has been set to not allow, The script will:

1- Check if the app is open, and present the user an AppleScript alert that the app will close in 10 minutes

2- Reset the corresponding permission

(Please be aware that for machines running Mojave and below resetting a single Application's TCC bundle ids does not work properly so the entire microphone or camera TCC settings will be reset. If you have multiple apps that require TCC, please consider the necessity of this script.)

Extension Attribute:
Name: Disabled Microsoft user TCC Values
Script:

1#!/bin/bash
2#This script is created to report disabled Camera or Microphone Security and Privacy access within a logged in user's TCC preferences
3#Shaquir Tannis 3-15-2020
4# Get current logged in user
5loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
6
7# Get current logged in user's home directory
8[[ "$loggedInUser" ]] && loggedInUser_home="$(/usr/bin/dscl /Local/Default read /Users/"$loggedInUser" NFSHomeDirectory | /usr/bin/awk '{print $2}')"
9
10if [[ -z "$loggedInUser" ]]; then
11    exit
12elif [ "${loggedInUser}" != "itadmin" ] || [ "${loggedInUser}" != "root" ] || [ "${loggedInUser}" != "" ]; then
13    #Report 
14    disabledValues=$(/usr/bin/sqlite3 "$loggedInUser_home/Library/Application Support/com.apple.TCC/TCC.db" 'SELECT service, client FROM access WHERE allowed = '0'' | grep "com.microsoft")
15
16    IFS=" "
17    echo "<result>$disabledValues</result>"
18fi

Smart Group:
Name: Teams Webcam or Microphone Disabled

Criteria:
Disabled Microsoft user TCC Values is not <Leave Blank>
And (
Disabled Microsoft user TCC Values like kTCCServiceCamera|com.microsoft.teams
Or
Disabled Microsoft user TCC Values like kTCCServiceMicrophone|com.microsoft.teams
)

Policy:
Name: Fix Teams Microphone or Camera
Frequency: Once every day
Trigger: Check-in
Scope: Teams Webcam or Microphone Disabled
Script: https://github.com/shaquir/ShellScript/blob/master/Reset_Teams_TCC_Camera_or_Microphone.sh

Page 1 / 1

Interesting approach. Thanks for sharing.

This is very handy, thanks!

Did I miss a step? Seems like AppleScript needs permission to post events?

Executing Policy Fix Teams Microphone or Camera Running script Reset Teams TCC Camera or Microphone... Script exit code: 0 Script result: macOS version is 10.14 so all TCC Microphone or Camera values will be reset Microsoft Teams is running. Will prompt user for permission to close 337:454: execution error: Not authorised to send Apple events to Finder. (-1743) Prompt has completed Closing Microsoft Teams Camera permission reset Re-opening Microsoft Teams

Hi @djrory,
Jamf has a PPPC whitelist for Apple events on their Github: JamfAppleEvents.mobileconfig
Some more detailed info around this can be found Creating Privacy Preferences Policy Control profiles for macOS.

Alternatively, you could change the AppleScript dialog to use jamfhelper for the dialog prompt. The jamfhelper is natively whitelisted through Jamf.

This is really great @shaquir I am getting an error though. Also are you using this with macOS 11? I would guess it can just be edited to 5 instead go 15 and 11 instead of 10. Please advise about both if you can help.

Script result:
macOS version is 10.5 so all TCC Microphone or Camera values will be reset
Error: no such column: allowed
Permissions Okay

Automatically Reset Teams Camera and Microphone for User

5 replies

Reply

Most helpful members this week

Cookie policy

Cookie settings

Reply

Related topics

Prompt User to Enable Screen Recording TCCicon

Zoom App asks for Admin credentials when use Microphone and Cameraicon

Providing Zero Touch Guided Setup for Camera, Microphone, and Screen Sharing | LaunchPad Meetup

Common macOS Problems (aka for Apple Silicon)

Jamf access for Office 365 - Skype For Business Mic Disabledicon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings