Help

FileVault Profile Configuration Disables Macs' Camera

fdeltesta
Contributor

Posted on ‎05-31-2018 03:24 AM

After enrolling 50+ Computers, some users had me notice that they couldn't use their camera.

After troubleshooting with a spare computer I've noticed that this was caused by one of my configuration profile. Which is intended to redirect the FileVault Key.

But I have no clue why this is happening, can someone give me some insight ?

a8044c8d28a64cae8433118dcfed45fd
b4f7e8d0eff348009ed6ff59ac39a4bc
fb9fd7149acf4f398db2fa8ec828e22b
aeac72fb30834ac0b50489c227fefb12
81b540fad341444e97ad603a23499b19
6412e809c34b473f8fc085dea71cfcea

0 Kudos
4 REPLIES 4

daz_wallace
Contributor III

Posted on ‎05-31-2018 04:51 AM

Hi @fdeltesta

This is a bug with the Jamf Pro Server. Currently, if you use a "Security & Privacy" payload, it will also (incorrectly) add a "Restrictions" payload that blocks the Camera.

You've got two work arounds:
1) (Easy) Add a "Restrictions" payload to the same profile as the "Security & Privacy" profile and set ALL options in it (in all tabs) to the desired values 2) (Harder) Download your completed "Security & Privacy" profile, de-sign it, open it in a text edit to remove the offending payload, re-sign and upload to the Jamf Pro Server (but never edit the actual profile or it may re-break)

More Info: https://www.jamf.com/jamf-nation/discussions/27803/disallow-camera-devices-true

Daz

fdeltesta
Contributor

Posted on ‎05-31-2018 06:51 AM

Thank you, @daz_wallace for you quick and clear response !

I have finally noticed that indeed theres is a line in the profile description where it is written that the camera is disabled.

Unfortunately the first solution you gave me didn't seem to work, so I'd like to try the other one.
But what do you mean by de-sign and re-sign, and how am i supposed to reupload it so it takes the place of the original one ?

0 Kudos

daz_wallace
Contributor III

Posted on ‎06-01-2018 12:35 AM

Hi @fdeltesta

When you tried the first option, did you add it to the same profile as the Security and Privacy profile? Also did you go through all the options and Tick the allow Camera option? This is off by default. Lastly, did you push this out to all devices, or just 'newly scoped devices'?

Darren

0 Kudos

Nmangal
New Contributor III

Posted on ‎06-01-2018 02:24 PM

Hi,

How we can create a Smart Computer Group for the devices in which camera is disabled to pull out the report?

Please assist

0 Kudos