Solved

Deploy a pkg with full disk access



Hi all,

I am trying to deploy Cynet on several macOS machines with pkg and then grant full disk access on each machine remotely using Jamf pro.

Can you please help me on how to do it? 

Thanks! Ben.

Best answer by mm2270


3 replies

  • Legendary Contributor
  • 7880 replies
  • June 8, 2023

Granting Full Disk Access for an application or service can't be done in a package or even a script. It has to be done with a Configuration Profile, specifically a PPPC (Privacy Policy Preferences Control) profile. If you're not familiar with how to make these, I suggest downloading Jamf's PPPC Utility from their GitHub page and using that to set up the profile, and then save it directly to your Jamf Pro server or save it to a .mobileconfig file that you can import into your Jamf console.

https://github.com/jamf/PPPC-Utility

Alternatively, I would check with Cynet support to see if they already have a profile they can send you, or point you to, that has everything in it already for granting full disk access. Many vendors of products that have Mac versions already have these created for customers, since anyone using their stuff on Macs is going to need to set those profiles up for their software to work correctly.


  • Author
  • New Contributor
  • 1 reply
  • June 8, 2023
mm2270 wrote:

Granting Full Disk Access for an application or service can't be done in a package or even a script. It has to be done with a Configuration Profile, specifically a PPPC (Privacy Policy Preferences Control) profile. If you're not familiar with how to make these, I suggest downloading Jamf's PPPC Utility from their GitHub page and using that to set up the profile, and then save it directly to your Jamf Pro server or save it to a .mobileconfig file that you can import into your Jamf console.

https://github.com/jamf/PPPC-Utility

Alternatively, I would check with Cynet support to see if they already have a profile they can send you, or point you to, that has everything in it already for granting full disk access. Many vendors of products that have Mac versions already have these created for customers, since anyone using their stuff on Macs is going to need to set those profiles up for their software to work correctly.


Thanks @mm2270!

Should I change the Payload Identifier and the Signing Identity? Or can I leave it as default?

And Organization, Payload name & description should be Cynet's I guess, right?

Thanks again!


  • Legendary Contributor
  • 7880 replies
  • Answer
  • June 8, 2023
bengold wrote:

Thanks @mm2270!

Should I change the Payload Identifier and the Signing Identity? Or can I leave it as default?

And Organization, Payload name & description should be Cynet's I guess, right?

Thanks again!


Are you talking about when using the PPPC Utility?

If so, the Organization name can be anything that makes sense to you. It's just a label, but usually it would be your org, not Cynet's.

I would leave the Payload Identifier to whatever the app chose. You as an admin really don't see those. It's just a unique ID for the profile that gets assigned to it and how the OS sees it when it's installed. Don't worry about choosing a Signing identity unless you have one you want to use that you know will work. If you leave it set to Not Signed, Jamf Pro will add its own signing to the profile when it gets uploaded to your console.
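
Added example, not part of the thread and not Jamf's or Cynet's code: a Python sketch of the kind of PPPC profile the answers describe, plus a check that lists which identifiers an unsigned .mobileconfig (for instance one a vendor sends you) grants Full Disk Access to and whether each grant is pinned to a code requirement. The bundle ID, code requirement, organization and the `com.example.pppc` identifier prefix are constructed placeholders.

```python
import plistlib
import uuid

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"
FDA_SERVICE = "SystemPolicyAllFiles"  # TCC service name for Full Disk Access


def build_fda_profile(bundle_id, code_requirement, organization):
    """Return unsigned .mobileconfig bytes granting Full Disk Access to one app."""
    if not bundle_id or not code_requirement:
        raise ValueError("bundle_id and code_requirement are required")
    rule = {
        "Identifier": bundle_id,
        "IdentifierType": "bundleID",
        "CodeRequirement": code_requirement,  # binds the grant to the signer
        "Allowed": True,
    }

    def ids(prefix):
        # Fresh UUID per payload; the identifier is only a unique label.
        u = str(uuid.uuid4()).upper()
        return {"PayloadUUID": u, "PayloadIdentifier": f"{prefix}.{u}",
                "PayloadVersion": 1}

    tcc = {"PayloadType": TCC_TYPE, "Services": {FDA_SERVICE: [rule]},
           **ids(TCC_TYPE)}
    profile = {
        "PayloadType": "Configuration",
        "PayloadScope": "System",
        "PayloadOrganization": organization,  # your org, just a label
        "PayloadDisplayName": f"Full Disk Access: {bundle_id}",
        "PayloadContent": [tcc],
        **ids("com.example.pppc"),  # hypothetical prefix
    }
    return plistlib.dumps(profile)


def fda_grants(mobileconfig_bytes):
    """List (identifier, has_code_requirement) for every allowed FDA rule."""
    profile = plistlib.loads(mobileconfig_bytes)
    grants = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_TYPE:
            continue
        for rule in payload.get("Services", {}).get(FDA_SERVICE, []):
            if rule.get("Allowed") or rule.get("Authorization") == "Allow":
                grants.append((rule["Identifier"],
                               bool(rule.get("CodeRequirement"))))
    return grants


# Constructed placeholder values, not Cynet's real identifier or requirement.
SAMPLE = build_fda_profile(
    "com.example.agent",
    'identifier "com.example.agent" and anchor apple generic',
    "Example Org",
)
```

The real code requirement for an installed app can be read with `codesign -dr - /path/to/App.app`; a signed profile is CMS-wrapped and would need unwrapping before `fda_grants` can parse it.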

