Big Sur Screen Recording Access Requires Admin Rights

nstrauss
Contributor II

Starting in Big Sur, only admin users can enable screen recording access. This change essentially removes the ability for a standard user to share their screen for remote support or videoconferencing tools such as WebEx, Zoom, or Google Meet.

The screen recording preference pane is completely grayed out and an admin user must first authenticate to unlock the pane before being able to enable recording access. Apple responded by saying this behavior is "working as expected."

File feedback now if this is a breaking change for your organization. Your ASM or ABM account can log into AppleSeed and use feedback assistant to voice your opinion. Upvote and reply to this developer forum post as well. https://developer.apple.com/forums/thread/651579

16 REPLIES 16

tomt
Valued Contributor

This is not good. Feeding back now.

Edit: Appleseed seems to be down for updates.

T_Armstrong
Contributor

Also, technically Big Sur discussion is likely NDA'd...

bpavlov
Honored Contributor

@T.Armstrong He's only discussing what's publicly linked and viewable. Feel free to discuss further in the Apple Developer Forum discussion link.

bwoods
Contributor II

It's official, Apple hates us.

bcourtade
New Contributor III

Ouch, I would say this is a show stopping issue for us. After some initial testing I released Big Sur to our users via Self Service since it seemed to work fine and some people requested it. Thankfully only 4 people did it before we realized this flaw. Teachers were suddenly unable to share their screens when teaching via Google Meet (remote learning right now...)

This is what I submitted on Apple Seed:
Problem:
-Apps such as Google Chrome require the "Screen Recording" permission in order to share a screen on services such as Google Meet
-The "Screen Recording" permission requires admin rights, teachers do not have admin rights
-Teachers cannot share screens unless a tech manually unlocks the panel and checks the box

Solution:
-Standard Users need ability to allow screen recording permission
-Enterprise Technology Administrators need ability to allow screen recording permission for specific apps via the Privacy Preferences Control profile

Scope:
-Critical Issue affecting all teachers that upgrade to Big Sur. We've pulled back the ability of our users to install Big Sur until this is fixed as they won't be able to effectively teach without IT manually intervening on each machine.

hrhnick
New Contributor III

This was "fixed" in the beta.
You can now deploy a PPPC to allow standard users to enable Screen Recording per application.

bcourtade
New Contributor III

Thank you, just discovered that a moment ago and pushed it out.

Still would love the ability to push "allow" instead of just "let the user do it"...

I'm not sure how Apple sees this as a good workflow. User clicks screen share button. Congratulations! You need to go open this thing in settings! Now you need to restart your program! User has now wasted 15 minutes of their life and has probably contacted IT to do it for them anyway.

bradtchapman
Valued Contributor

Raising awareness of this awesome PPPC profile compiled by @eholtam. It was posted on reddit, but I couldn't find it on JamfNation:

https://github.com/poundbangbash/community-screenrecording-pppc-profile

The profile currently contains a list of 55 app entitlements to permit non-admins to allow screen recording (ScreenCapture).

bwoods
Contributor II

@bradtchapman what preference domain should I use for this profile?

sdagley
Honored Contributor II

@bwoods That's a PPPC, not Applications & Custom Settings, payload so you shouldn't need to specify a preferences domain. You should probably not deploy it as is, but extract the apps appropriate for your environment.

bwoods
Contributor II

@sdagley Thanks, so it's best not to upload this profile; but to "import" the apps one by one using the PPPC payload. Just clarifying for anyone else that sees this.

geoff_widdowson
Contributor

@bwoods If you upload this rather than create a new profile, you don't have to do anything more, it's good to go you just needs scope it. I did it the other day and all the settings are done for you on the PPPC payload.

bwoods
Contributor II

@geoff.widdowson I was copying the xml and trying to paste it into Jamf Pro. lol I downloaded the zip and uploaded the entire profile as you suggested. Thanks!

EddyLara
New Contributor II

@bwoods  did you resolved the issue by pasting the plist in Jamf Pro?

 

If you download the profile from https://github.com/poundbangbash/community-screenrecording-pppc-profile

You can just Upload it directly into your JSS from the Configuration Profile page, using the Upload button. No need to create a New profile and upload within the profile, just Upload to begin.

Upload Config profile.png

EddyLara
New Contributor II

Geoff, Thank you so much for your help. It works!