- Jamf Nation Community
- Products
- Jamf Pro
- Full disk access from Self service script
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
Greetings admins!
I wrote a custom migration script that reads several aspects of the users home folder and backs them up to a user specified destination. That part seems to be working OK, but when I go to write this data back to the same locations on the user's new system, it needs full disk access to work. My idea was to have the script run directly from Self service (Policy > script execute), but in order to do so, Self service needs full disk access to be able to write back to the users Library folder. What PPPC do I need to create to allow Self service to have full disk access?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
@LtCmdrScott The following will provide FDA for Self Service (it was created by https://github.com/jamf/PPPC-Utility):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>PPPC for Self Service</string>
<key>PayloadDisplayName</key>
<string>PPPC for Self Service</string>
<key>PayloadIdentifier</key>
<string>07FE5300-B169-4B6C-8449-DC252142E810</string>
<key>PayloadOrganization</key>
<string>com.myorg</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>4415E5D3-4346-418D-9F7A-423F9F003046</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.jamfsoftware.selfservice.mac" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.jamfsoftware.selfservice.mac</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>PPPC for Self Service</string>
<key>PayloadDisplayName</key>
<string>PPPC for Self Service</string>
<key>PayloadIdentifier</key>
<string>07FE5300-B169-4B6C-8449-DC252142E810</string>
<key>PayloadOrganization</key>
<string>com.myorg</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>3E9572B6-AC8E-49D8-8ABB-690BEC0158BB</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Save this to a file with a .mobileconfig extension then go to the Configuration Profiles tab in your Jamf Pro console and click the Upload button to import it.
Reply
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
@LtCmdrScott The following will provide FDA for Self Service (it was created by https://github.com/jamf/PPPC-Utility):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>PPPC for Self Service</string>
<key>PayloadDisplayName</key>
<string>PPPC for Self Service</string>
<key>PayloadIdentifier</key>
<string>07FE5300-B169-4B6C-8449-DC252142E810</string>
<key>PayloadOrganization</key>
<string>com.myorg</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>4415E5D3-4346-418D-9F7A-423F9F003046</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Allowed</key>
<true/>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.jamfsoftware.selfservice.mac" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.jamfsoftware.selfservice.mac</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>PPPC for Self Service</string>
<key>PayloadDisplayName</key>
<string>PPPC for Self Service</string>
<key>PayloadIdentifier</key>
<string>07FE5300-B169-4B6C-8449-DC252142E810</string>
<key>PayloadOrganization</key>
<string>com.myorg</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>3E9572B6-AC8E-49D8-8ABB-690BEC0158BB</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Save this to a file with a .mobileconfig extension then go to the Configuration Profiles tab in your Jamf Pro console and click the Upload button to import it.
Reply
