Posted on 04-02-2019 07:47 AM
I'm going to be honest... I'm pretty familiar with the tools for writing them (Jamf's GUI, PPPC Utility, Carl Ashley's script), but I'm having a bit of trouble parsing the log files to figure out what I need to grant. Below I have a sample for Microsoft's AutoUpdater. I ran the command to view the TCC logs of places that have previously asked for access. I'm trying to figure out what I need to grant at this point. Bonus points to anyone who can show me where in these logs you derive your answer from. I obviously am going to have to acquire this skill and can best do so by understanding how to parse the logs rather than just installing someone's preconfigured profile.
Thank you in advance,
computername:~ myadminuser$ /usr/bin/log show --predicate 'subsystem == "com.apple.TCC"' | grep Prompting
2019-04-02 08:14:54.826095-0400 0x109c4 Error 0x0 199 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.jamfsoftware.jamfHelper, PID[25370], auid: 0, euid: 0, binary path: '/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper'}, REQ:{ID: com.apple.appleeventsd, PID[48], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
2019-04-02 08:19:45.740865-0400 0x1203 Error 0x0 188 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[993], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.apple.appleeventsd, PID[49], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
2019-04-02 08:47:00.026534-0400 0x2b15 Error 0x0 188 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.apple.appleeventsd, PID[49], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
2019-04-02 08:47:00.027464-0400 0x2c10 Error 0x54a1 637 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}
2019-04-02 08:47:06.683536-0400 0x2c78 Error 0x54f8 637 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}
2019-04-02 08:47:12.860634-0400 0x2c78 Error 0x5575 637 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}
2019-04-02 08:47:19.013875-0400 0x2ceb Error 0x5602 637 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}
2019-04-02 08:47:25.021871-0400 0x2d1d Error 0x5671 637 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}
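As an added example (not part of the original post or of any reply in this thread), here is a small Python parser for the `Prompting policy` lines above that collapses the repeats into one row per service, accessing process and requester. It reads `ACC` as the process whose access tccd is evaluating and `REQ` as the process that sent the request to tccd, which is an interpretation of the log format rather than something stated in the thread; the function names are hypothetical and the sample is four lines copied from the output above.

```python
import re
from collections import Counter

# Four lines copied from the output in the post, embedded so the example runs offline.
SAMPLE = """\
2019-04-02 08:14:54.826095-0400 0x109c4 Error 0x0 199 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.jamfsoftware.jamfHelper, PID[25370], auid: 0, euid: 0, binary path: '/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper'}, REQ:{ID: com.apple.appleeventsd, PID[48], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
2019-04-02 08:19:45.740865-0400 0x1203 Error 0x0 188 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[993], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.apple.appleeventsd, PID[49], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
2019-04-02 08:47:00.027464-0400 0x2c10 Error 0x54a1 637 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}
2019-04-02 08:47:06.683536-0400 0x2c78 Error 0x54f8 637 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[1403], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemon'}
"""

# One {ID: ..., PID[...], auid: ..., euid: ..., binary path: '...'} group; %s names the captures.
PROC = r"\{ID: (?P<%s_id>[^,]+), PID\[\d+\], auid: \d+, euid: \d+, binary path: '(?P<%s_path>[^']*)'\}"
LINE = re.compile(
    r"service: (?P<service>kTCCService\w+) .*?ACC:" + PROC % ("acc", "acc")
    + r", REQ:" + PROC % ("req", "req")
)


def parse_line(line):
    """Return service, acc_id, acc_path, req_id, req_path for one log line, or None."""
    match = LINE.search(line)
    return match.groupdict() if match else None


def summarize(text):
    """Count prompts per (service, accessing bundle ID, accessing binary, requester ID)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:  # lines that are not TCC prompting entries are skipped
            counts[(rec["service"], rec["acc_id"], rec["acc_path"], rec["req_id"])] += 1
    return counts


if __name__ == "__main__":
    for (service, acc_id, acc_path, req_id), n in summarize(SAMPLE).items():
        print(f"{n:3d}x {service}  accessing={acc_id}  requester={req_id}\n     {acc_path}")
```

The accessing bundle ID and binary path in each row are the values to check with `codesign -dr -` when building the profile entry. These lines do not name the application the Apple Event was sent to, so the receiving side has to be identified separately.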
Posted on 04-02-2019 08:14 AM
I just figured this one out myself. I don't know if you're using the same exact method for calling on your updates as me, but I found there are 4 components that have to be allowed for MAU to trigger without dialog. You may or may not have to also allow the terminal if your workflow requires it. I just figured this out literally 30-45 minutes ago as I am writing this, so I don't know all of the ins and outs to my solution, I just know it worked for my environment.
https://www.jamf.com/jamf-nation/discussions/31533/profile-for-windows-auto-updater-office-2016
Posted on 04-02-2019 08:29 AM
@blackholemac @mroe Last month I went through this training course, and there's a section on "registering" the Office apps with AutoUpdate so that it triggers update notifications as expected. It might be worth checking out that process to see if that alone resolves/prevents the PPPC issues you're seeing.