Skip to main content
Question

Deploying Script (or something) to Allow Accessibility Changes on Non-Admin Accounts

  • January 13, 2015
  • 10 replies
  • 49 views
E
Forum|alt.badge.img+5

For our state testing this year, the state of Kansas has a client that they want everyone to download. This client has to be able to control the computers it's installed on through Accessibility (In the Security & Privacy settings.) Now, we have close to 2,000 students with Macbook Airs in our one to one, and we need to figure out a way to be able to add that client to the Accessibility list without having to touch all of these computers. Any ideas?

    10 replies

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • January 13, 2015

    Take a look here:
    https://jamfnation.jamfsoftware.com/discussion.html?id=9102

    Disclaimer: I haven't tried the instructions outlined in the above thread on Yosemite, so I don't know if this still works. It probably does, but you'll need to test it out and see. (I'm assuming you may need to do this on 10.10 Macs)

    J
    Forum|alt.badge.img+13
    • jacob_salmela
    • Contributor
    • January 13, 2015

    via tccutil.py

    # Add app to Accessibility database using the bundle ID
sudo tccutil.py --insert com.smileonmymac.textexpander
# Enable (if necessary)
sudo tccutil.py --enable com.smileonmymac.textexpander

    via the built-in sqlite3 command:

    sudo sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.apple.RemoteDesktopAgent',1,1,1,NULL)"

    Just replace the bundle ID for whatever your application is.

    jhbush
    Forum|alt.badge.img+26
    • jhbush
    • Esteemed Contributor
    • January 13, 2015

    +1 for tccutil.py it's been working great for me over the last six months

    E
    Forum|alt.badge.img+7
    • EdLuo
    • Contributor
    • September 27, 2016

    Neither solution works in Mac OS Sierra because TCC.db is now protected by SIP. :(

    J
    Forum|alt.badge.img+13
    • jacob_salmela
    • Contributor
    • September 27, 2016

    Nope. =(

    J
    Forum|alt.badge.img+2
    • joshua11
    • New Contributor
    • September 27, 2016

    Does anyone have any idea on Sierra (since it is read only now) how we can add jamfAgent with the box checked in Accessibility?

    J
    Forum|alt.badge.img+13
    • jacob_salmela
    • Contributor
    • September 27, 2016

    If you are willing to disable SIP, the aforementioned solutions should still work,

    G
    Forum|alt.badge.img+10
    • gabester
    • Valued Contributor
    • April 28, 2017

    Any solutions in the past 6 months, clever or otherwise, for managing this? #ObviouslyNotWillingToDisableSIP #HostileUserExperience

    How are we supposed to manage apps that require access when we restrict users from changing the Security & Privacy prefpane (and why is this specific feature there instead of under Accessibility where it used to reside?)

    R
    Forum|alt.badge.img+4
    • Rocky
    • New Contributor
    • November 20, 2017

    Another 6+ months.

    Also not going to disable SIP. How are others dealing with this? Manually setting individual machines (for hundreds/thousands of machines)?

    M
    Forum|alt.badge.img+12
    • musat
    • Valued Contributor
    • February 21, 2018

    So no way to accomplish this without disabling SIP? It looks like we now need to do this for Lanschool on our 2400 student Macs.

    Terms & ConditionsCookie settingsAccessibility statement