Posted on 03-31-2022 05:49 AM
Well I am not sure this is even possible to do, but here goes...
Update Macs to OSX 12.3, and Google Meet screensharing has broken.
I have a PPPC configuration set up to allow non admins to be able to authorise screensharing, all they have to do is go there and click the tickbox.
The fix for the issue is...
Uninstall google Chrome.
Remove Google Chrome from the list in the System Preferences>Privacy>ScreenSharing.
Reinstall Google Chrome
Add Google chrome back in to the list for ScreenSharing.
Ok I can script finding all of the Chrome stuff and remove that. But how on earth do I go about removing it from the ScreenSharing list.
I have around 400 Macs with possibly 2000 different accounts spread across multiple campuses, up to 80 miles apart. So the manual method of going to each mac in turn is not going to happen.
Does removing it as the Administrator on each Mac, remove it for all users on each Mac? If so is there any way possible to script that?
Any help will be greatly appreciated.
Thanks
Solved! Go to Solution.
Posted on 03-31-2022 06:57 AM
Hi,
here is the fix from Google:
Posted on 03-31-2022 06:51 AM
The only way I can think of is using the tccutil
tccutil reset ScreenCapture com.google.Chrome
Posted on 03-31-2022 06:57 AM
Hi,
here is the fix from Google:
Posted on 04-05-2022 06:38 AM
hi,
have you found the script?
thanks
Vijaya
Posted on 04-05-2022 07:04 AM
Hi @Siri4567 ,
what do you mean?
You can run the tccutil reset ScreenCapture com.google.Chrome Command with the Execute Command in Files and Processes. Make the policy available in Self Service or trigger it at the Check-in.
Posted on 05-11-2022 01:30 AM
Just posting the same solution as Nick1403 posted with a little more information.
Seems like after the Chrome update that broke the Screen Sharing thing Google has updated their com.apple.TCC.configuration-profile-policy.
You can see if your Mac has the old com.apple.TCC.configuration-profile-policy by running:
sudo profiles list --output=stdout-xml | grep --before-context=1 c9a99324ca3fcb23dbcc36bd5fd4f9753305130a
If the output looks like this you are using the old com.apple.TCC.configuration-profile-policy:
<key>CodeRequirement</key>
<string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string>
Solution:
Remove your old Chrome Privacy Preferences Policy Control from your MDM handler (in my case Jamf Pro) and add the following instead:
Identifier
com.google.Chrome
Code Requirement
(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EQHXZ8M8AV
ScreenCapture - Allow Standard Users to Allow Access
And all the other stuff you might want Chrome to get access to.
Push this profile to your Mac's and after that have a Policy that runs:
tccutil reset ScreenCapture com.google.Chrome
From what i found it seemed like some Mac's didn't pick up the new config, the simplest solution for us in this case was to add a "Fix Screen Share" Policy in Self Service that runs the tccutil reset command and added a description with "Ensure that users view the description" with the following information:
This script solves the screen sharing issue with Google Chrome.
Do the following:
1. Go to System Preferences > Security & Privacy > Privacy > Screen Recording and uncheck Google Chrome.
2. Run this script
3. Open Chrome and start a meeting, try to share your screen and you should be asked for screen recording permission. Allow it by checking Google Chrome in System Preferences > Security & Privacy > Privacy > Screen Recording
We have seen that for some users you might need to uncheck and check Google Chrome two times before the new config deploys.
Hope this clarifies and helps other users!
a month ago
@thta : How can we ensure this via some other MDM? if so, what would be the steps? As we have observed, it prompts the error whenever the profile is applied or removed in MDM