Google Meet Screen sharing fails

PaulHazelden
Valued Contributor

Well I am not sure this is even possible to do, but here goes...
Update Macs to OSX 12.3, and Google Meet screensharing has broken.

I have a PPPC configuration set up to allow non admins to be able to authorise screensharing, all they have to do is go there and click the tickbox.

The fix for the issue is...

Uninstall google Chrome.

Remove Google Chrome from the list in the System Preferences>Privacy>ScreenSharing.

Reinstall Google Chrome

Add Google chrome back in to the list for ScreenSharing.

 

Ok I can script finding all of the Chrome stuff and remove that. But how on earth do I go about removing it from the ScreenSharing list.

I have around 400 Macs with possibly 2000 different accounts spread across multiple campuses, up to 80 miles apart. So the manual method of going to each mac in turn is not going to happen.

 

Does removing it as the Administrator on each Mac, remove it for all users on each Mac? If so is there any way possible to script that?

 

Any help will be greatly appreciated.

Thanks

1 ACCEPTED SOLUTION
6 REPLIES 6

junjishimazaki
Valued Contributor

The only way I can think of is using the tccutil 

tccutil reset ScreenCapture com.google.Chrome 

Nick1403
New Contributor III

Siri4567
New Contributor

hi,

have you found the script?

 

thanks

Vijaya

Nick1403
New Contributor III

Hi @Siri4567 , 

what do you mean?

You can run the tccutil reset ScreenCapture com.google.Chrome Command with the Execute Command in Files and Processes. Make the policy available in Self Service or trigger it at the Check-in. 

 

 

 

thta
New Contributor III

Just posting the same solution as Nick1403 posted with a little more information.

Seems like after the Chrome update that broke the Screen Sharing thing Google has updated their com.apple.TCC.configuration-profile-policy.

You can see if your Mac has the old com.apple.TCC.configuration-profile-policy by  running: 

 

sudo profiles list --output=stdout-xml | grep --before-context=1 c9a99324ca3fcb23dbcc36bd5fd4f9753305130a

 

If the output looks like this you are using the old com.apple.TCC.configuration-profile-policy:

 

<key>CodeRequirement</key>

<string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string>

 

 


Solution:

Remove your old Chrome Privacy Preferences Policy Control from your MDM handler (in my case Jamf Pro) and add the following instead:

Identifier

 

com.google.Chrome

 

Code Requirement

 

(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EQHXZ8M8AV

 


ScreenCapture - Allow Standard Users to Allow Access
And all the other stuff you might want Chrome to get access to.

Screenshot 2022-05-11 at 10.12.03.png


Push this profile to your Mac's and after that have a Policy that runs:

 

tccutil reset ScreenCapture com.google.Chrome

 


From what i found it seemed like some Mac's didn't pick up the new config, the simplest solution for us in this case was to add a "Fix Screen Share" Policy in Self Service that runs the tccutil reset command and added a description with "Ensure that users view the description" with the following information:

 

This script solves the screen sharing issue with Google Chrome.

Do the following:
1. Go to System Preferences > Security & Privacy > Privacy > Screen Recording and uncheck Google Chrome.
2. Run this script
3. Open Chrome and start a meeting, try to share your screen and you should be asked for screen recording permission. Allow it by checking Google Chrome in System Preferences > Security & Privacy > Privacy > Screen Recording

We have seen that for some users you might need to uncheck and check Google Chrome two times before the new config deploys.

 


Hope this clarifies and helps other users!  

yash
New Contributor

@thta : How can we ensure this via some other MDM? if so, what would be the steps? As we have observed, it prompts the error whenever the profile is applied or removed in MDM

yash_0-1730272297105.png