- Jamf Nation Community
- Products
- Jamf Pro
- Re: Background Login Items - Ventura
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β10-26-2022 05:43 AM
Trying to set up a config profile for this new feature set. I have used Jamf's example and Apple's example as starting points, but the radio buttons for the items I have set to be managed are still able to be turned off and do not say they are managed like the Jamf apps are.
Has anyone else had success in getting a config profile to work for this yet?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β10-26-2022 06:23 AM
Use iMazing Profile Editor and this guide
https://hammen.medium.com/managing-login-items-for-macos-ventura-e78d627f88b6
19 REPLIES 19
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β10-26-2022 06:23 AM
Use iMazing Profile Editor and this guide
https://hammen.medium.com/managing-login-items-for-macos-ventura-e78d627f88b6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β11-30-2022 01:29 PM
That article worked very well for me... except the last point, #18. On my test computer where I upgrade from macOS 12 to macOS 13, the "Managed Login Items - Jamf Apps" is pushed immediately, but not my custom defined "Managed Login Items". Mine gets pushed only after the computer checks-in, and I scoped it out as per the article #18 (Smart Group with a Profile Identifier of com.jamf.servicemanagement.backgroundapps).
I do have some users who would go look at what they can disable immediately after the upgrade, so I'm concerned about that. Any suggestions?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β10-26-2022 06:41 AM
Service Management - Managed Login Items in iMazing Profile Editor will help to create the profile.
"sudo sfltool dumpbtm" will list all the login items and details to add it in the profile.
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β10-31-2022 01:26 PM
Here's what I got to finally work. Save the below as a .mobileconfig file, and then upload it to Jamf after updating your org name. You'll have to generate new PayloadUUID's with uuidgen in terminal if you use this as a template for other applications.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>Service Management - Managed Login Items</string>
<key>PayloadIdentifier</key>
<string>com.apple.servicemanagement.1ED2CC51-41E0-49EB-A8D1-E6B5C3A283CC</string>
<key>PayloadType</key>
<string>com.apple.servicemanagement</string>
<key>PayloadUUID</key>
<string>1ED2CC51-41E0-49EB-A8D1-E6B5C3A283CC</string>
<key>PayloadVersion</key>
<array>
<dict>
<key>Comment</key>
<string>Zoom</string>
<key>RuleType</key>
<string>Label</string>
<key>RuleValue</key>
<string>us.zoom.ZoomDaemon</string>
</dict>
</array>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Zoom - Managed Background and Login Items</string>
<key>PayloadIdentifier</key>
<string>YOURORGHERE.87731DFF-DE49-482B-958F-0623F514D2AF</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>87731DFF-DE49-482B-958F-0623F514D2AF</string>
</dict>
</plist>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β11-06-2022 08:53 PM
Thanks! What is the Preference Domain assignment in this zoom example?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β11-11-2022 06:24 AM
For "Managed Login Items" the preference domain is always
com.apple.servicemanagement
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β11-01-2022 04:46 AM
I had never tried iMazing before, thank you both that suggested it! Holy crap this is going to make things easier
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β11-23-2022 09:13 AM
Can't get this to work. I tried the profile created by naschenbrenner above. I changed the UUID codes and uploaded it to Jamf. It pushes out to the workstation, and the profile installs. However the toggles in LoginItems can be still changed. The computer I am testing with is Ventura 13.0.1. It was upgraded from the Beta... so maybe something is not working right? I also tried to add the team id, and the LabelPrefix:
<dict>
<key>RuleType</key>
<string>TeamIdentifier</string>
<key>RuleValue</key>
<string>BJ4HAAB9B3</string>
</dict>
<dict>
<key>RuleType</key>
<string>LabelPrefix</string>
<key>RuleValue</key>
<string>us.zoom</string>
</dict>I will try to re-install the computer with Ventura 13.0.1 from scratch to see if this fixes the issue...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
β11-29-2022 03:55 PM - edited β11-30-2022 03:26 PM
Hello,
Use the accepted solution mentioned above. It works really well and is very easy to create. I was quite impressed with it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β12-12-2022 01:06 PM
Here is the Profile info from using Robert Hammen's info. Used iMazing Profile Editor to build it and then upload it. Works great...no more notifications. Just scoped to enrollment for Smart Group "macOS 13."
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>NotificationSettings</key>
<array>
<dict>
<key>BundleIdentifier</key>
<string>com.apple.BTMNotificationAgent</string>
<key>NotificationsEnabled</key>
<false/>
</dict>
</array>
<key>PayloadIdentifier</key>
<string>com.apple.notificationsettings.12c05d0d-6231-4621-9ac6-a781a626951b</string>
<key>PayloadType</key>
<string>com.apple.notificationsettings</string>
<key>PayloadUUID</key>
<string>12c05d0d-6231-4621-9ac6-a781a626951b</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>Disable Background Task Management Notifications</string>
<key>PayloadDisplayName</key>
<string>Disable Background Task Management Notifications</string>
<key>PayloadIdentifier</key>
<string>com.apple.notificationsettings.5ea4543d-f0fe-4f19-9e5f-7fab2051b712</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>5ea4543d-f0fe-4f19-9e5f-7fab2051b712</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
β12-13-2022 01:41 PM - edited β12-13-2022 01:43 PM
@scottb Thanks for sharing your solution Scott. A general question regarding your solution and Robert Hammen. Once we deploy the Disable Notifications to our fleet will it block ALL Notifications from any software or just the titles related to the Managed Logins?
I already have notifications disabled for Qualys, Forescout, FireEye etc. So wondering if I need to make more changes.
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
β12-13-2022 02:31 PM - edited β12-13-2022 02:33 PM
@pueo - did you block Notifications or did you lock down those with Agents/Daemons (login)?
The one above will silence 'em all, and you don't (AFAIK) have to alter it. The one I made to lockdown the Login items I need to update as I add new Team Identifiers to the list. The profile above will stop you from being told about new Login Items being added...
Similar, but different items...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β12-13-2022 03:18 PM
For the apps I mentioned I used Notification and the specific Bundle ID to block them.
You say the one above will silence them all. Is that ALL notifications for ALL Apps or just New Login Items as mentioned in the last line. It was not clear to me.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β12-14-2022 09:59 AM
Login Item management is not built into the latest Jamf Pro version? We should continue to use Robert Hammen's solution?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β12-20-2022 07:37 AM
To block the "Managed Login Items Added" notification, use this simple procedure:
- Create a new Configuration Profile
- Set to Computer level
- Select the Notifications payload
- Leave App Name blank
- Enter "com.apple.btmnotificationagent" into the Bundle ID field
- Select Disable for Critical alerts
- Select Disable for Notifications
- Scope to a test machine to test
- Save Profile
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on β12-20-2022 07:40 AM
Another way to block the "Managed Login Items Added" notification is to:
- Create a new Configuration Profile
- Set to Computer Level
- Select Notifications payload
- Skip App Name field, leave it blank
- Enter "com.apple.btmnotificationagent" for the Bundle ID
- Select Disable for Critical Alerts
- Select Disable for Notifications
- Scope to test machine(s)
- Save Profile
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
This works great for turning it off for all apps. What if I want to do if for one? Our security wants us to install the Rapid7 agent and I can't figure out how to do this just for that. Can you help?
Thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
I'm trying to grey out elastic-agent in the login items in Ventura but it still doesn't work!
after running this command "sudo sfltool dumpbtm" I got this about Elastic agent :
#15:
UUID: F8A306A3-45BB-4B2B-A1CE-DD5824BB6D7A
Name: elastic-agent
Developer Name: (null)
Type: legacy daemon (0x10010)
Disposition: [enabled, allowed, visible, notified] (11)
Identifier: co.elastic.elastic-agent
URL: file:///Library/LaunchDaemons/co.elastic.elastic-agent.plist
Executable Path: /usr/local/bin/elastic-agent
Generation: 1
Parent Identifier: Unknown Developer
I built a profile like this one below but it still doesn't work ! any tips please?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago - last edited a week ago
Change the "Rule Type" from "BundleIdentifier" to "Label" and use the name of the plist without suffix ("co.elastic.elastic-agent") as the "Rule Value".
