Jamf Nation Community

svallas · ‎01-22-2020

Hi,

Using the script below I can silently install Google Drive on the workstations. I just run into the following problem, and that a pop-up appears from System Extension Blocked, in which I have to approve Google.

Is there a way to forcefully approve this in the script?

Thanks in advance.

# Script to download, Silent Install and then clean up once installed Google DrivE FileStream

#Make temp folder for downloads.
mkdir "/tmp/filestream/";
cd "/tmp/filestream/";

#Download filestream.
curl -L -o /tmp/filestream/GoogleDriveFileStream.dmg "https://dl.google.com/drive-file-stream/GoogleDriveFileStream.dmg";

#Mount, Install, and unmount GoogleDriveFileStream.dmg
hdiutil mount GoogleDriveFileStream.dmg; 
sudo installer -pkg /Volumes/Install Google Drive File Stream/GoogleDriveFileStream.pkg -target "/Volumes/Macintosh HD"; 
hdiutil unmount /Volumes/Install Google Drive File Stream/;

#Tidy up
sudo rm -rf /tmp/filestream/

larry_barrett · ‎01-22-2020

PPPC utility download here

cbrewer · ‎01-22-2020

Config profile with Approved Kernel Extensions payload.

larry_barrett · ‎01-22-2020

We do exactly what @cbrewer does and use a PPPC entry in the same profile.

svallas · ‎01-22-2020

I don't use jamf yet, I remotely kick the script, so I wondered if something like that could be edited in the script?

mattia_giuffrid · ‎01-29-2020

@cbrewer solution worked even without PPPC configs.

Flaurian · ‎01-28-2021

I actually configured it like you but I still got this notification if I started Google FS for the first time. Did I something wrong?

McLeanSchool · ‎02-04-2021

@svallas With the release of the rebranded Google Drive File Stream, it is now called Google Drive. I had to update your script to accommodate for this:

#!/bin/zsh

# Make temp folder for downloads
mkdir "/tmp/googledrive"
cd "/tmp/googledrive"

# Download Google Drive
curl -L -o "/tmp/googledrive/GoogleDriveFileStream.dmg" "https://dl.google.com/drive-file-stream/GoogleDriveFileStream.dmg"

# Mount and install GoogleDriveFileStream.dmg
hdiutil mount GoogleDriveFileStream.dmg
installer -pkg "/Volumes/Install Google Drive/GoogleDrive.pkg" -target "/Volumes/Macintosh HD"

# Tidy up
hdiutil unmount "/Volumes/Install Google Drive"
sudo rm -rf "/tmp/googledrive"

MacJunior · ‎02-08-2021

I deployed the same config profile @cbrewer mentioned but I still get the popup window asking to approve it from system preferences !!

Anybody managed to fix it ?

konstantinb · ‎02-11-2021

interested in this too!

robertliebsch · ‎02-11-2021

Be mindful, Kernel Extensions are 10.15 while System Extensions are 11.
@Flaurian @MacJunior

Flaurian · ‎02-11-2021

Yes, I already found it out but thanks to clarify it. I also checked Google working on a new tool for Google Drive to combine Drive and Backup as one product. So, fingers crossed it using System Extensions.

yo_ann · ‎02-17-2021

Hello,

same problem as Flaurian, what ever i set up, i still have the approval asking.... but with the message "Google, Inc has been blocked" :'(

mosermat · ‎03-01-2021

Adding some things here that can hopefully help someone. I modified the script posted by @McLeanSchool so it will still install File Stream even if the Volume Name is unique and has a space in it (ex. "Joes Mac" instead of "Macintosh HD"). I tested and this is working on multiple MacBooks via Jamf on Catalina and Big Sur (caveat below).

#!/bin/zsh

# make temp folder for downloads
mkdir "/tmp/googledrive"

# change working directory
cd "/tmp/googledrive"

#download Google Drive File Stream
curl -L -o "/tmp/googledrive/GoogleDriveFileStream.dmg" "https://dl.google.com/drive-file-stream/GoogleDriveFileStream.dmg"

# Mount the DMG
hdiutil mount GoogleDriveFileStream.dmg

# Get Volume Name
Volume=$(diskutil info / | grep "Volume Name:" | awk '{print $3,$4,$5,$6}')

# Install Google Drive
sudo installer -pkg /Volumes/Install Google Drive/GoogleDrive.pkg -target "/Volumes/$Volume"

#Tidy Up
hdiutil unmount "/Volumes/Install Google Drive"
sudo rm -rf "/tmp/googledrive"

In Big Sur I still haven't found a way to approve the necessary System Extension via Jamf...but it is possible to open System Preferences, Security and Privacy, General Tab, click Allow, reboot...then it works great. Hoping someone can find a fix or this is resolved by Google at some point.

Geissbuhler · ‎05-18-2021

@mosermat Had to Update the script a bit in more than the places listed above:

#!/bin/zsh

# make temp folder for downloads
mkdir "/tmp/googledrive"

# change working directory
cd "/tmp/googledrive"

#download Google Drive File Stream
curl -L -o "/tmp/googledrive/GoogleDrive.dmg" "https://dl.google.com/drive-file-stream/GoogleDrive.dmg"

# Mount the DMG
hdiutil mount GoogleDrive.dmg

# Get Volume Name
Volume=$(diskutil info / | grep "Volume Name:" | awk '{print $3,$4,$5,$6}')

# Install Google Drive
sudo installer -pkg /Volumes/Install Google Drive/GoogleDrive.pkg -target /

#Tidy Up
hdiutil unmount "/Volumes/Install Google Drive"
sudo rm -rf "/tmp/googledrive"

This at least seems to be downloading and installing properly now.

Geissbuhler · ‎05-18-2021

Now to work on getting Auth to happen after launching the app, if anyone has any tips, please reply

bfrench · ‎06-09-2021

After running the most recent script the volume is not removing from the desktop. Does something need to be altered?

Tidy Up

hdiutil unmount "/Volumes/Install Google Drive"

it logs as successful

installer: Package name is Google Drive
installer: Installing at base path /
installer: The install was successful.
"/Volumes/Install Google Drive" unmounted successfully.
sudo rm -rf "/tmp/googledrive"

KSibley · ‎06-10-2021

I'm not having luck the the Kext CP and PPPC. Does something need to change now that its been renamed from Google Drive FileStream to Google Drive for Desktop? NM, got it working.

KarolisB · ‎06-24-2021

@KSibley what was the solution?

RLR · ‎08-19-2021

Anyone got an updated version of the PPPC config they can share? We're still getting Google Drive asking for system extension approval on big sur.

Geissbuhler · ‎09-09-2021

I know this was a while back, but If you are still looking you can get the newest version here:

https://github.com/jamf/PPPC-Utility/releases

konstantinb · ‎08-19-2021

Hey @RLR ,

we use the following:

Privacy Preferences Policy Control - App Access

Identifier

com.google.drivefs

Bundle ID

identifier "com.google.drivefs" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EQHXZ8M8AV

APP OR SERVICE:

Accessibility: Allow

System Extension:

Google Drive - Allowed System Extensions - EQHXZ8M8AV - com.google.drivefs.filesystems.dfsuse

Hope that works for you :). Feel free to give some feedback!

tcandela · ‎09-01-2021

@RLR and @konstantinb since it's not GOOGLE DRIVE FILE STREAM anymore but changed to GOOGLE DRIVE FOR DESKTOP are the values to create the 'system extension' the same? I used the values that @konstantinb provided in the reply above two weeks ago. (images attached of my sys ext config profile)

specifically these values below, do they stay the same? i'm thinking maybe 'drivefs' would reference 'file stream' but since it's not file stream anymore i'm kinda just assuming.

---- com.google.drivefs

----- com.google.drivefs.filesystems.dfsuse

Geissbuhler · ‎09-01-2021

Pulling the App "Google Drive" Into PPPC Utility it shows the same as before, so looks like it is indeed still using the com.google.drivefs. I wondered the same thing 🙂 Screen Shot 2021-09-01 at 9.53.26 AM.png

tcandela · ‎09-01-2021

so does my Config Profile settings look correct?

is that similar to your config profile?

does it work for both intel and M1 macs running Big Sur? I'm testing but wont be able to for the next 2 weeks.

Geissbuhler · ‎09-01-2021

Testing on an Intel Machine in a bit need to wipe to fully test properly, will post results when done. I have the same as you plus a few others, which I likely do not need, The diff is that I approved both com.google.drivefs and com.google.drivefs.filesystems.dfsuse in the system extension, so we will see what happens. If it works I will post screenshots.

Geissbuhler · ‎09-01-2021

Also Testing this on macOS Monterey Beta FYI, 1 Big Sur Intel and 1 Monterey.

Geissbuhler · ‎09-01-2021

So Far worked perfectly on macOS Monterey, Testing Big Sur momentarily

Geissbuhler · ‎09-01-2021

No go for Big Sur, **bleep**!

Geissbuhler · ‎09-01-2021

Ok So Here is what I have:

Big Sur on M1 = Works
Big Sur on Intel = Fails
Monterey Beta (21a5506j) on Intel = Works
Monterey Beta (21A5304g) on M1 = Works

My setup is a bunch of me reading various items and is likely overkill, I was going to make a bunch of settings and then if it worked I could pull some back, just keep that in mind.

(Update) same results after changing a mistake i had in the screenshots below:

com.google.drivefs.filesystems.dfsuse

Geissbuhler · ‎09-01-2021

Any Other findings from People Specifically with Intel Macs on Big Sur would be greatly appreciated.

tcandela · ‎09-01-2021

@Geissbuhler so you applied that single config profile to both intel & m1 ?

so no separate config profile for each arch type? (probably not necessary)

Geissbuhler · ‎09-01-2021

Correct exact same on all of the above, only intel and Big Sur combo seems to fail. So weird

konstantinb · ‎09-02-2021

So far this config did work for all our clients. But I will try to check it again on M1 next weeks. The Config i also pulled from the new client the name has just changed but the config is still the same basically.

tcandela · ‎09-02-2021

@konstantinb @Geissbuhler are you applying this Google Drive system extension config profile to only Big Sur computers?

and a seperate Google Drive kernel extension config profile to Mojave and Catalina computers?

also the system extension you configured, I see the pictures you posted, does the config profile have 2 'Allow Team IDs and System Extension' sections in it?

Geissbuhler · ‎09-09-2021

Yes I we are doing kernel extension for Catalina and Mojave, and a separate Config Profile with System Extension for Big Sur and Monterey Beta.

konstantinb · ‎09-03-2021

@tcandela Theoretical yes you would need to.

The Systems extensions are as following:

Display Name:
Google Drive
System Extension Types:

Allowed System Extensions:
Team Identifier:
EQHXZ8M8AV
ALLOWED SYSTEM EXTENSIONS:
com.google.drivefs.filesystems.dfsuse

tcandela · ‎09-03-2021

@konstantinb ok thanks.

I'm confused with the @Geissbuhler images he attached to his reply specifically the 5th image that has the 'driver extension' box checked. Do you have that in your system extension configuration?

here is the image i'm talking about, it looks like another section of 'Allowed Team ID's and System Extensions' was added to the same config profile

Geissbuhler · ‎09-08-2021

Yes in my test environment I was basically trying anything, hence the comment where I try way too much and scale back later. The way those pics are listed, is the top pic is the Config Profile as whole, then the next is of the PPPC Payload, The next is the System Extensions payload, the following snaps are of the individual sections within the System Extensions Payload.

I read early on that if you are unsure with System Extensions which bit works, like in this instance here, trying to troubleshoot, you start with approving the team as a whole, Then start on the individual extensions, Then the types, if your big old way overkill sys extension works, scale it back like maybe delete the Team as a whole bit of the payload, and get right to the bits that you actually need.

This is not in prod

Would love to know what I actually need, hence the testing above. This is currently working on Big Sur with M1, but not working on Big Sur with Intel.

a_hebert · ‎09-08-2021

I haven't tried it on a Big Sur computer yet. I was trying to find a solution for my 10.15 computers. This is a kernel extension so i know it will not work on Big Sur I am making a new config profile for my Big Sur computers will let you know how the testing is going after I get that one built.

Jamf Nation Community

Install Google Drive File Stream - System Extension Blocked

Tidy Up