Help

Enabling Privacy Accessibility For "Non-Admins"

GetCart3r
New Contributor III

Posted on ‎09-02-2021 10:37 AM

Has anyone had luck getting Accessibility to "allow" or "let standard user approve"?

Similar to the post here https://community.jamf.com/t5/jamf-pro/enabling-privacy-accessibility-setting-for-ms-teams/m-p/24557... we've used the PPPC Utility to "let standard users approve" Screen Recording but does not seem to work for accessibility. 

We have a handful of apps that needs Accessibility to "allow" or "let standard user approve" for non-admins but cannot get it to work. Apps like MS Teams, Logitech Logi Options will not work for the "Accessibility" section. 

I've attempted to use the PPPC utility and though the other options work it's "Accessibility" that will just not work.

Screen Shot 2021-09-02 at 2.36.29 PM.png

6 REPLIES 6

sfaeder
New Contributor III

Posted on ‎04-08-2022 04:59 AM

Bumping this post.  Has anyone figured this out yet?  I cannot seem to allow Privacy accessibility for any applications via config profile or the PPPC tool.

0 Kudos

Kai-haloSync
New Contributor
In response to sfaeder

Posted on ‎03-03-2023 08:39 AM

To resolve this issue do the following steps: Use logitech Options plus for this.

  1. Install LogiOptions Plus
  2. Grant all of the permissions manually in Accessibility/Input Settings
  3. Go to Privacy & Security in system settings > Go to Accessibility or Input settings
  4. Right click Logi Options+ > Click "Show in finder"
  5. There you will find the true path of the componant of the application that the access is granted to
  6. Drag that into PPPC utility, there you will see the actual name of "logioptionplus_agent"
  7. Grant that Accessibility & Input monitoring
  8. Upload to Jamf, and scope it to machines with Logitech Options+ installed

This will work as of Ventura 13.2.1 and should work on 13.0 onwards.

 

Hope that helps. 

ashay_mudya
New Contributor II

Posted on ‎05-02-2024 08:55 AM

You should have  2 different bundle id s here for approval with accessibility and input monitoring :

one for logi option + app :

com.logi.optionsplus
identifier "com.logi.optionsplus" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "QED4VVPZWA"

There is daemon present in  library too  which has different bundle id 

com.logi.cp-dev-mgr
identifier "com.logi.cp-dev-mgr" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = QED4VVPZWA

 

 

0 Kudos

Dobson
New Contributor II

3 weeks ago

We've tried granting accessibility to both the logi options plus and agent bundle ids but users still can't enable accessibility without admin prompts:

Dobson_0-1715786802698.png

 

0 Kudos

Jacek_ADC
Contributor II

2 weeks ago

@Dobson From my experience (also known as known issue in jamf courses) what you see in the local GUI (PPPC) is not really correct. This means, that its shown as not enabled, but in reality it is enabled. I made this experience also with other tools and configuring PPPC for it.

The best way to find out if it is working is to testing. With LogiOptions+ no messages from enabling with admin are shown after installation and opening the tool are showing. 

I am actually in the same boat with logioptions+, so i will report if its working or not. 
From my side it looks that actually only 

com.logi.cp-dev-mgr
identifier "com.logi.cp-dev-mgr" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = QED4VVPZWA

is necessary, but i have to test again on fresh enrolled device to be sure.

0 Kudos

Jacek_ADC
Contributor II
In response to Jacek_ADC

2 weeks ago

From my side its working fine with only the one identifier 

com.logi.cp-dev-mgr
identifier "com.logi.cp-dev-mgr" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = QED4VVPZWA

for:

Input Monitoring - ListenEvent

Accessibility

Its shown as not enabled in Input Monitoring,

and not showing at all in accessibility

how i told before. The PPPC Configuration is working fine. No windows while installing for input monitoring and not window for admin while starting the app the first time for accessibility

0 Kudos