Deploying Script (or something) to Allow Accessibility Changes on Non-Admin Accounts

Eisiminger
New Contributor III

For our state testing this year, the state of Kansas has a client that they want everyone to download. This client has to be able to control the computers it's installed on through Accessibility (in the Security & Privacy settings). Now, we have close to 2,000 students with MacBook Airs in our one-to-one, and we need to figure out a way to be able to add that client to the Accessibility list without having to touch all of these computers. Any ideas?

10 REPLIES

mm2270
Legendary Contributor III

Take a look here:
https://jamfnation.jamfsoftware.com/discussion.html?id=9102

Disclaimer: I haven't tried the instructions outlined in the above thread on Yosemite, so I don't know if this still works. It probably does, but you'll need to test it out and see. (I'm assuming you may need to do this on 10.10 Macs)

jacob_salmela
Contributor II

via tccutil.py

# Add app to Accessibility database using the bundle ID
sudo tccutil.py --insert com.smileonmymac.textexpander
# Enable (if necessary)
sudo tccutil.py --enable com.smileonmymac.textexpander

via the built-in sqlite3 command:

sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','com.apple.RemoteDesktopAgent',1,1,1,NULL)"

Just replace the bundle ID for whatever your application is.
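
An added example, not part of the original post: a read-only check of which clients hold an Accessibility grant, compared against an approved list, which is how a fleet admin would confirm the entry landed and spot grants nobody deployed. The column names are an assumption inferred from the six values in the INSERT above, and the database and the `com.example.*` bundle IDs are constructed sample data.

```python
import sqlite3

SERVICE = "kTCCServiceAccessibility"

# Assumed six-column layout, matching the six values in the INSERT above.
SCHEMA = """CREATE TABLE access (
    service TEXT NOT NULL, client TEXT NOT NULL, client_type INTEGER NOT NULL,
    allowed INTEGER NOT NULL, prompt_count INTEGER NOT NULL, csreq BLOB,
    PRIMARY KEY (service, client, client_type))"""


def build_sample_db():
    """Constructed in-memory stand-in for TCC.db (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    rows = [
        (SERVICE, "com.apple.RemoteDesktopAgent", 1, 1, 1, None),
        (SERVICE, "com.smileonmymac.textexpander", 1, 0, 1, None),  # listed, box unchecked
        (SERVICE, "com.example.unknown-helper", 1, 1, 1, None),     # not on the approved list
        ("kTCCServiceAddressBook", "com.example.mail", 0, 1, 1, None),  # other service, ignored
    ]
    db.executemany("INSERT OR REPLACE INTO access VALUES (?,?,?,?,?,?)", rows)
    return db


def audit_accessibility(db, approved):
    """Compare Accessibility rows against an approved set of bundle IDs."""
    granted = {}
    for client, allowed in db.execute(
        "SELECT client, allowed FROM access WHERE service = ?", (SERVICE,)
    ):
        granted[client] = bool(allowed)
    return {
        "ok": sorted(c for c, a in granted.items() if a and c in approved),
        "disabled": sorted(c for c, a in granted.items() if not a and c in approved),
        "missing": sorted(approved - set(granted)),
        "unexpected": sorted(c for c, a in granted.items() if a and c not in approved),
    }


if __name__ == "__main__":
    approved = {"com.apple.RemoteDesktopAgent", "com.smileonmymac.textexpander",
                "com.example.testing-client"}  # hypothetical approved list
    for status, clients in audit_accessibility(build_sample_db(), approved).items():
        print(f"{status:10} {clients}")
```

To audit a real machine, pass a connection opened read-only on the TCC.db path from the post; the column layout can differ between OS versions.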

jhbush
Valued Contributor II

+1 for tccutil.py. It's been working great for me over the last six months.

EdLuo
Contributor II

Neither solution works in Mac OS Sierra because TCC.db is now protected by SIP. :(

jacob_salmela
Contributor II

Nope. =(

joshua
New Contributor

Does anyone have any idea on Sierra (since it is read only now) how we can add jamfAgent with the box checked in Accessibility?

jacob_salmela
Contributor II

If you are willing to disable SIP, the aforementioned solutions should still work.

gabester
Contributor III

Any solutions in the past 6 months, clever or otherwise, for managing this? #ObviouslyNotWillingToDisableSIP #HostileUserExperience

How are we supposed to manage apps that require access when we restrict users from changing the Security & Privacy prefpane (and why is this specific feature there instead of under Accessibility where it used to reside?)

Rocky
New Contributor III

Another 6+ months.

Also not going to disable SIP. How are others dealing with this? Manually setting individual machines (for hundreds/thousands of machines)?

musat
Contributor III

So no way to accomplish this without disabling SIP? It looks like we now need to do this for LanSchool on our 2400 student Macs.