Skip to main content
Question

Deploying Script (or something) to Allow Accessibility Changes on Non-Admin Accounts


Forum|alt.badge.img+5

For our state testing this year, the state of Kansas has a client that they want everyone to download. This client has to be able to control the computers it's installed on through Accessibility (In the Security & Privacy settings.) Now, we have close to 2,000 students with Macbook Airs in our one to one, and we need to figure out a way to be able to add that client to the Accessibility list without having to touch all of these computers. Any ideas?

10 replies

mm2270
Forum|alt.badge.img+16
  • Legendary Contributor
  • 7880 replies
  • January 13, 2015

Take a look here:
https://jamfnation.jamfsoftware.com/discussion.html?id=9102

Disclaimer: I haven't tried the instructions outlined in the above thread on Yosemite, so I don't know if this still works. It probably does, but you'll need to test it out and see. (I'm assuming you may need to do this on 10.10 Macs)


Forum|alt.badge.img+13
  • Contributor
  • 180 replies
  • January 13, 2015

via tccutil.py

# Add app to Accessibility database using the bundle ID
sudo tccutil.py --insert com.smileonmymac.textexpander
# Enable (if necessary)
sudo tccutil.py --enable com.smileonmymac.textexpander

via the built-in sqlite3 command:

sudo sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.apple.RemoteDesktopAgent',1,1,1,NULL)"

Just replace the bundle ID for whatever your application is.


jhbush
Forum|alt.badge.img+26
  • Esteemed Contributor
  • 539 replies
  • January 13, 2015

+1 for tccutil.py it's been working great for me over the last six months


Forum|alt.badge.img+7
  • Contributor
  • 78 replies
  • September 27, 2016

Neither solution works in Mac OS Sierra because TCC.db is now protected by SIP. :(


Forum|alt.badge.img+13
  • Contributor
  • 180 replies
  • September 27, 2016

Nope. =(


Forum|alt.badge.img+2
  • New Contributor
  • 13 replies
  • September 27, 2016

Does anyone have any idea on Sierra (since it is read only now) how we can add jamfAgent with the box checked in Accessibility?


Forum|alt.badge.img+13
  • Contributor
  • 180 replies
  • September 27, 2016

If you are willing to disable SIP, the aforementioned solutions should still work,


Forum|alt.badge.img+10
  • Valued Contributor
  • 230 replies
  • April 28, 2017

Any solutions in the past 6 months, clever or otherwise, for managing this? #ObviouslyNotWillingToDisableSIP #HostileUserExperience

How are we supposed to manage apps that require access when we restrict users from changing the Security & Privacy prefpane (and why is this specific feature there instead of under Accessibility where it used to reside?)


Forum|alt.badge.img+4
  • New Contributor
  • 14 replies
  • November 20, 2017

Another 6+ months.

Also not going to disable SIP. How are others dealing with this? Manually setting individual machines (for hundreds/thousands of machines)?


Forum|alt.badge.img+12
  • Valued Contributor
  • 181 replies
  • February 21, 2018

So no way to accomplish this without disabling SIP? It looks like we now need to do this for Lanschool on our 2400 student Macs.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings