Solved

Full disk access from Self service script

  • December 7, 2024

Greetings admins!

I wrote a custom migration script that reads several aspects of the user's home folder and backs them up to a user-specified destination. That part seems to be working OK, but when I go to write this data back to the same locations on the user's new system, it needs full disk access to work. My idea was to have the script run directly from Self Service (Policy > script execute), but in order to do so, Self Service needs full disk access to be able to write back to the user's Library folder. What PPPC do I need to create to allow Self Service to have full disk access?

Best answer by sdagley

@LtCmdrScott The following will provide FDA for Self Service (it was created by https://github.com/jamf/PPPC-Utility): 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadDescription</key>
            <string>PPPC for Self Service</string>
            <key>PayloadDisplayName</key>
            <string>PPPC for Self Service</string>
            <key>PayloadIdentifier</key>
            <string>07FE5300-B169-4B6C-8449-DC252142E810</string>
            <key>PayloadOrganization</key>
            <string>com.myorg</string>
            <key>PayloadType</key>
            <string>com.apple.TCC.configuration-profile-policy</string>
            <key>PayloadUUID</key>
            <string>4415E5D3-4346-418D-9F7A-423F9F003046</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Services</key>
            <dict>
                <key>SystemPolicyAllFiles</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>anchor apple generic and identifier "com.jamfsoftware.selfservice.mac" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.jamfsoftware.selfservice.mac</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
            </dict>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>PPPC for Self Service</string>
    <key>PayloadDisplayName</key>
    <string>PPPC for Self Service</string>
    <key>PayloadIdentifier</key>
    <string>07FE5300-B169-4B6C-8449-DC252142E810</string>
    <key>PayloadOrganization</key>
    <string>com.myorg</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>3E9572B6-AC8E-49D8-8ABB-690BEC0158BB</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Save this to a file with a .mobileconfig extension, then go to the Configuration Profiles tab in your Jamf Pro console and click the Upload button to import it.
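A profile like the one in the answer above can be reviewed before upload to confirm exactly what it grants. The following is an added example (not part of the original post and not code from PPPC-Utility) that parses an unsigned .mobileconfig, lists each TCC grant, and flags Full Disk Access entries whose code requirement does not name the bundle identifier or a team ID. The function name `audit_pppc`, the issue wording and the second sample entry (`com.example.tool`) are assumptions made for illustration.

```python
import plistlib
import re

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"

def audit_pppc(data: bytes) -> list:
    """List every TCC grant in an unsigned .mobileconfig, with review findings."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_TYPE:
            continue
        for service, entries in payload.get("Services", {}).items():
            for e in entries:
                req, ident = e.get("CodeRequirement", ""), e.get("Identifier", "")
                team = re.search(r'certificate leaf\[subject\.OU\] = "?([A-Z0-9]{10})"?', req)
                # "anchor apple" without "generic" means Apple's own software (no team ID)
                apple_own = re.search(r"\banchor apple\b(?! generic)", req)
                issues = []
                if e.get("IdentifierType") == "bundleID" and f'identifier "{ident}"' not in req:
                    issues.append("requirement does not pin the identifier")
                if not team and not apple_own:
                    issues.append("requirement does not pin a team ID")
                findings.append({
                    "service": service,
                    "identifier": ident,
                    # Allowed is the older key; Authorization is used on macOS 11+
                    "allowed": e.get("Allowed") is True or e.get("Authorization") == "Allow",
                    "full_disk_access": service == "SystemPolicyAllFiles",
                    "team_id": team.group(1) if team else None,
                    "issues": issues,
                })
    return findings

# Constructed sample: the first grant uses the page's values; the second is a
# hypothetical entry (com.example.tool) whose requirement is satisfied by any
# code signed with an Apple-issued certificate.
PAGE_REQ = ('anchor apple generic and identifier "com.jamfsoftware.selfservice.mac" and '
            '(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or '
            'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
            'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
            'certificate leaf[subject.OU] = "483DWKW443")')
SAMPLE = plistlib.dumps({"PayloadContent": [{"PayloadType": TCC_TYPE, "Services": {
    "SystemPolicyAllFiles": [
        {"Allowed": True, "Identifier": "com.jamfsoftware.selfservice.mac",
         "IdentifierType": "bundleID", "CodeRequirement": PAGE_REQ},
        {"Allowed": True, "Identifier": "com.example.tool",
         "IdentifierType": "bundleID", "CodeRequirement": "anchor apple generic"},
    ]}}]})

if __name__ == "__main__":
    for f in audit_pppc(SAMPLE):
        print(f)
```

To review a real file, pass its bytes to `audit_pppc`; a CMS-signed profile has to be unwrapped first because `plistlib` only reads the bare plist.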



