Posted on 06-08-2023 08:11 AM
Hi all,
I am trying to deploy Cynet on several macOS machines with a pkg and then grant full disk access on each machine remotely using Jamf Pro.
Can you please help me with how to do it?
Thanks! Ben.
Posted on 06-08-2023 08:21 AM
Granting Full Disk Access for an application or service can't be done in a package or even a script. It has to be done with a Configuration Profile, specifically a PPPC (Privacy Policy Preferences Control) profile. If you're not familiar with how to make these, I suggest downloading Jamf's PPPC Utility from their GitHub page and using that to set up the profile, and then save it directly to your Jamf Pro server or save it to a .mobileconfig file that you can import into your Jamf console.
https://github.com/jamf/PPPC-Utility
Alternatively, I would check with Cynet support to see if they already have a profile they can send you, or point you to, that has everything in it already for granting full disk access. Many vendors of products that have Mac versions already have these created for customers, since anyone using their stuff on Macs is going to need to set those profiles up for their software to work correctly.
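Added example (not part of the reply above, and not Jamf's or Cynet's code): a short Python audit of an unsigned .mobileconfig, whether saved from PPPC Utility or supplied by a vendor, that lists every TCC grant and flags anything beyond Full Disk Access or without a code requirement. The sample profile is constructed; its identifiers and code requirement are placeholders, not Cynet's real values, and `audit_pppc` is a hypothetical helper name.

```python
import plistlib

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"

# Constructed sample profile; identifiers and code requirement are placeholders,
# not Cynet's real values.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.pppc.sample",
    "PayloadContent": [{
        "PayloadType": TCC_TYPE,
        "Services": {
            "SystemPolicyAllFiles": [{  # Full Disk Access
                "Identifier": "com.example.vendor.agent",
                "IdentifierType": "bundleID",
                "CodeRequirement": 'identifier "com.example.vendor.agent" and anchor apple generic',
                "Authorization": "Allow",  # macOS 11+ key
            }],
            "Accessibility": [{
                "Identifier": "/opt/example/helper",
                "IdentifierType": "path",
                "CodeRequirement": "",
                "Allowed": True,  # older boolean form of the same grant
            }],
        },
    }],
})


def audit_pppc(data, expected=("SystemPolicyAllFiles",)):
    """Return (grants, findings) for every TCC payload in an unsigned .mobileconfig."""
    profile = plistlib.loads(data)
    grants, findings = [], []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_TYPE:
            continue  # only privacy (PPPC) payloads are of interest here
        for service, entries in payload.get("Services", {}).items():
            for e in entries:
                allowed = e.get("Authorization") == "Allow" or e.get("Allowed") is True
                if not allowed:
                    continue
                ident = e.get("Identifier", "")
                grants.append((service, ident))
                if service not in expected:
                    findings.append(f"{ident}: unexpected grant {service}")
                if not e.get("CodeRequirement", "").strip():
                    findings.append(f"{ident}: no CodeRequirement for {service}")
    return grants, findings
```

A profile that is already signed is CMS-wrapped and will not parse with `plistlib` directly, so run the check on the unsigned file before uploading it.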
Posted on 06-08-2023 08:32 AM
Thanks @mm2270!
Should I change the Payload Identifier and the Signing Identity? Or can I leave them as default?
And Organization, Payload name & description should be Cynet's I guess, right?
Thanks again!
Posted on 06-08-2023 09:48 AM
Are you talking about when using the PPPC Utility?
If so, the Organization name can be anything that makes sense to you. It's just a label, but usually it would be your org, not Cynet's.
I would leave the Payload Identifier to whatever the app chose. You as an admin really don't see those. It's just a unique ID for the profile that gets assigned to it and how the OS sees it when it's installed. Don't worry about choosing a Signing identity unless you have one you want to use that you know will work. If you leave it set to Not Signed, Jamf Pro will add its own signing to the profile when it gets uploaded to your console.