How to add application in screen recording in macOS Catalina

mdzahed154
New Contributor II

I want to add application in screen recording in Security & Privacy pane - Privacy. Can anyone suggest how to add using JAMF Pro

Regards,
Md Khaja Zahed.

28 REPLIES 28

sdunbar
Contributor

Hi, use the PPPC Utility, this usually works well
PPPC-Utility

donmontalvo
Esteemed Contributor II

If I remember correctly, Camera, Microphone, and Screen Recording can only be Denied by administrators. Apple won't let administrators Allow those items on behalf of the user.

An application needs to request access to those items for them to show up on the lists. The user then has to Allow each one.

--
https://donmontalvo.com

larry_barrett
Valued Contributor

To dovetail onto what @donmontalvo is outlining, even if your users are not admins, normal users can access and approve camera and mics without being prompted for credentials. This is a built in Apple security feature and it needs to be presented to users as such. Tech cannot fix this remotely, it is a personal opt-in system.

mdzahed154
New Contributor II

Thanks all for the reply.

Yes when it prompts for the user , user can allow application to grant permission . But i want to add other application like quick Time player remotely.

Thanks and Regards,
Md Khaja Zahed.

donmontalvo
Esteemed Contributor II

@mdzahed154 me thinks you maybe missed the point. :) Apple will not permit you to "Allow" certain items.

Camera, Microphone, Screen Recording, Input Monitoring (new with Catalina), etc...

--
https://donmontalvo.com

mike_knieling
New Contributor

My understanding of what OP is asking about (as I'm searching for this as well) is that the item is put into the Privacy settings, even if the user needs to check the box to actually allow the access. I'm finding that many apps where the users need the microphone (Skype for Business, JoinMe, WebEx, etc.) are not requesting access to the microphone and therefore the users don't even have the ability to grant that access since they're not even showing up in the settings.

mike_knieling
New Contributor

My understanding of what OP is asking about (as I'm searching for this as well) is that the item is put into the Privacy settings, even if the user needs to check the box to actually allow the access. I'm finding that many apps where the users need the microphone (Skype for Business, JoinMe, WebEx, etc.) are not requesting access to the microphone and therefore the users don't even have the ability to grant that access since they're not even showing up in the settings.

mike_knieling
New Contributor

My understanding of what OP is asking about (as I'm searching for this as well) is that the item is put into the Privacy settings, even if the user needs to check the box to actually allow the access. I'm finding that many apps where the users need the microphone (Skype for Business, JoinMe, WebEx, etc.) are not requesting access to the microphone and therefore the users don't even have the ability to grant that access since they're not even showing up in the settings.

mike_knieling
New Contributor

My understanding of what OP is asking about (as I'm searching for this as well) is that the item is put into the Privacy settings, even if the user needs to check the box to actually allow the access. I'm finding that many apps where the users need the microphone (Skype for Business, JoinMe, WebEx, etc.) are not requesting access to the microphone and therefore the users don't even have the ability to grant that access since they're not even showing up in the settings.

L-plateAdmin
Contributor

Yep i can confirm that in Catalina, screen recording the user can only allow along with Mic and Camera, in our case the permission to grant Screen recording requires admin which we a lot of our users cant do. we have an open case with our apple support reps about it, no problem with this being user choice as long as the a normal authenticated user can actually approve it!!

drtaru
New Contributor III

You do not actually need admin access to change settings in Screen Recording, Camera, and Microphone in System Preferences. Even though the pane looks locked in the bottom left you can still manipulate entries without authenticating.

1628a75ec9df432685a5cf01700dd288

We were having an additional issue of apps not populating in Screen Recording due to a permissions issue. The fix was to deploy the following script to Self Service. After having the end user run the script policy in Self Service and re-open the app that needed hardware access the entries populated in System Preferences.

#!/bin/sh

# Get currently logged in user and their home directory
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
loggedInUserHome=`dscl . -read /Users/$loggedInUser | grep NFSHomeDirectory: | cut -c 19- | head -n 1`

# Fix Permissions
chown -f -R $loggedInUser:staff $loggedInUserHome

mani2care
Contributor

@drtaru I have tried but not getting any popup bomgar app .

Chris_Hafner
Valued Contributor II

I've seen some of these get a little deeper. I know that I've had to clear out the TCC database on a machine or two. I will have to look up the process again. it was a little weird to do it manually.

drtaru
New Contributor III

We may have reset the TCC database for screen recording first for the user in question as a general troubleshooting step, this is what may have enabled the permissions reset to fix the issue, I'm not 100% sure though as it was a while ago.

bradsschroeder
New Contributor III

I have removed the Jamf Nation tag and added a Jamf Pro tag in order to more closely align with the conversation. Please let me know if you disagree.

vitaly_il
New Contributor

I'm running Jenkins CI (Maven/Jsystem/Java) on MacMini with Catalina. As part of the pipeline my script should take screen recording. Even I approved "Java" app on SystemPreferences/Security/ScreenRecording Java cannot create screen recording when runs from Jenkins. How to fix that?

dinesh_kachhot
New Contributor

b1792f3c70ca41838c242d854296e8c6
I am having issue of Accessibility and Screen Recording not showing any apps even I allowed apps for screen recording and Accessibility. I just bought new SSD(OWC Aura Pro X2) for my MacBook pro, is it issue of new SSD ?

peterpica
New Contributor

I use Snagit quite often but am unable to allow it to access the screen recording app list under sys/prefs/security&privacy... it just doesn't show up. I don't see any plus signs that would allow me to add it manually either. Any ideas?

drtaru
New Contributor III

@peterpica If you reference my post above, we ran into the same issue with some software and resetting the TCC database and repairing the user folder permissions allowed apps to begin prompting for access again.

peterpica
New Contributor

Having issues with snagit... can't add permissions for it to security&privacy sys prefs even though it's requested permission. It won't automatically add a captured image to the app screen any more since upgrading to Catalina 10.15.6
4f3ebd4224214c778be74538126e423c

mdzahed154
New Contributor II

Hi All,

yes untill the app is launched it doesnt appear in screen recording, but once launched, it has to be checked by user. But is there any way to check the app or provide a permission to quick time player without user intervention. Either by using a config profile or a policy

sdagley
Esteemed Contributor II

@mdzahed154 Screen recording, camera, and microphone access can only be denied via Configuration Profile settings. Allowing access to those items requires the user to provide their approval. This is imposed by Apple. Some people have found workarounds, but I'd not trust them to viable long term as Apple will probably fix those avenues once they're known

allison_cheri
New Contributor

For what OP is doing there is no way - the user has to grant those permissions.

However, for those who have a user who cannot grant permissions by manually adding the app to the list, and isn't getting a popup in the app anymore, here is a script that combines the above-mentioned fixing of home directory permissions, with a prompt for the user to pick the trouble app. It will then extract the Bundle ID and reset TCC for that specific app. After the user closes and reopens they app, they should be prompted again next time they try to screen share (or whatever). This can go in Self Service.

#!/bin/bash

### fixSecurityPrompts.sh
### Allison Skinner
### Created 2020.10
### Fixes an issue where a user isn't prompted for privacy permissions for a specific app and can't add it manually
### Reference: https://www.jamf.com/jamf-nation/articles/683/resetting-transparency-consent-and-control-prompts-on-macos
### Reference: https://www.jamf.com/jamf-nation/articles/683/resetting-transparency-consent-and-control-prompts-on-macos


### Get the currently logged on user and home directory
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
loggedInUserHome=$(dscl . -read /Users/$loggedInUser | grep NFSHomeDirectory: | cut -c 19- | head -n 1)
echo "Logged in user: $loggedInUser"
echo "Home directory: $loggedInUserHome"

### Fix home directory permissions
chown -f -R $loggedInUser:staff $loggedInUserHome

### Prompt user to locate the app that's having issues
osascript -e 'tell application "System Events" to display dialog "Please select the application that you’re having trouble with." with icon file (("System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:") & "public.generic-pc.icns") buttons {"Next"} default button 1'
appPath=$(osascript << EOF
set theDocument to choose file with prompt "Select the application:" of type {"app"}
EOF
)
echo "Full app path: $appPath"

### Extract the app name
appName=$(basename "$(echo "$appPath" | awk -F ":" '{print $(NF-1)}')" .app)
echo "App name: $appName"

### Get that app's Bundle ID
bundleID=$(osascript << EOF
id of app "$appName"
EOF
)
echo "Bundle ID of $appName: $bundleID"

### Reset the TCC for that specific app
tccutil reset All $bundleID

### Tell the user we're done
osascript << EOF
tell application "System Events" to display dialog "All done! The next time you open $appName you’ll need to grant permissions for it again." with icon file (("System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:") & "public.generic-pc.icns") buttons {"Done"} default button 1
EOF

exit 0

dnsdave
New Contributor

We are having a similar but separate issue whereby non-admin users are not able to allow Screen Recording for apps. Most apps are greyed out and resetting screencapture with tccutil does not permit them to allow. They still require local admin to unlock and allow. The UNIX permissions on these greyed out apps are the same as on any other /Applications app.

 

dnsdave_0-1629485516240.png

 

dnsdave
New Contributor

This article may have the answer for Big Sur but we had this issue with Catalina as well.

https://support.jumpcloud.com/support/s/article/Allow-Standard-Users-to-Approve-Screen-Sharing-and-R...

"In macOS Big Sur, end-users with standard permission no longer have the ability to grant applications the permissions to screen share and record unless explicitly granted access via an MDM payload.
Devices that upgrade to BigSur keep all of their approved screen recording permissions.
"

Jtuggle
New Contributor II

Is this MDM setting available in Jamf? 

Yuniel
New Contributor II

You have to build a Configuration Profile for the app in question using PPPC Utility or other, then setting up the "Allow End User to Approve" under the ScreenRecording Option.    You can then Import that .mobileconfig generated from PPPC to Jamf as a configuration profile.  Cheers

Yuniel
New Contributor II

I would love to find a way to automate the Screen Recording permission for apps that helps us support our end users.  Beyond Trust /  ConnectWise Control / Others ...   For whatever reason, Mac OS resets Screen Recording permissions after every major OS upgrade.