Deploying Script (or something) to Allow Accessibility Changes on Non-Admin Accounts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2015 06:53 AM
For our state testing this year, the state of Kansas has a client that they want everyone to download. This client has to be able to control the computers it's installed on through Accessibility (In the Security & Privacy settings.) Now, we have close to 2,000 students with Macbook Airs in our one to one, and we need to figure out a way to be able to add that client to the Accessibility list without having to touch all of these computers. Any ideas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2015 07:21 AM
Take a look here:
https://jamfnation.jamfsoftware.com/discussion.html?id=9102
Disclaimer: I haven't tried the instructions outlined in the above thread on Yosemite, so I don't know if this still works. It probably does, but you'll need to test it out and see. (I'm assuming you may need to do this on 10.10 Macs)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2015 08:06 AM
via tccutil.py
# Add app to Accessibility database using the bundle ID
sudo tccutil.py --insert com.smileonmymac.textexpander
# Enable (if necessary)
sudo tccutil.py --enable com.smileonmymac.textexpandervia the built-in sqlite3 command:
sudo sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.apple.RemoteDesktopAgent',1,1,1,NULL)"Just replace the bundle ID for whatever your application is.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-13-2015 09:29 AM
+1 for tccutil.py it's been working great for me over the last six months
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-27-2016 11:17 AM
Neither solution works in Mac OS Sierra because TCC.db is now protected by SIP. :(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-27-2016 11:53 AM
Nope. =(
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-27-2016 01:08 PM
Does anyone have any idea on Sierra (since it is read only now) how we can add jamfAgent with the box checked in Accessibility?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-27-2016 01:21 PM
If you are willing to disable SIP, the aforementioned solutions should still work,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-28-2017 11:12 AM
Any solutions in the past 6 months, clever or otherwise, for managing this? #ObviouslyNotWillingToDisableSIP #HostileUserExperience
How are we supposed to manage apps that require access when we restrict users from changing the Security & Privacy prefpane (and why is this specific feature there instead of under Accessibility where it used to reside?)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-20-2017 11:27 AM
Another 6+ months.
Also not going to disable SIP. How are others dealing with this? Manually setting individual machines (for hundreds/thousands of machines)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-21-2018 01:01 PM
So no way to accomplish this without disabling SIP? It looks like we now need to do this for Lanschool on our 2400 student Macs.
