jamf would like access to files in your documents folder

TomDay
Release Candidate Programs Tester

We run a script through self service that migrates data from a user's old computer to their new computer (computers connected via target disk mode). Data copies perfectly, however, Jamf throws up some messages like the attached for things like Documents, Desktop, Downloads, Reminders etc. Any idea of how to allow that in advance without having to click OK every time? Config profile maybe?


1 ACCEPTED SOLUTION

lawinski
New Contributor III

For ease of use go to Computer Management > Security where you can select "Automatically install a Privacy Preferences Policy Control profile" for the Jamf Framework.

This will automatically push the correct PPPC profile for allowing FDA (Full Disk Access).


9 REPLIES 9

We have this PPPC Control set, and yet we still see this request during one of our install scripts.

Anyone have any ideas why we would still see it, even after granting access through the PPPC Configuration Profile?

We are giving "/usr/local/jamf/bin/jamfAgent", "/usr/local/jamf/bin/jamf", and "com.jamf.management.Jamf" access to "Desktop", "Downloads", "Documents", "All Files", "Network Volumes", and "Removable Volumes". You'd think with all of that, we'd have our bases covered. And yet we still see that prompt every time we run our install script.

TomDay
Release Candidate Programs Tester

I've thrown my hands up in the air on this and given up, never works the way we want

TomDay
Release Candidate Programs Tester

Thx @lawinski got that set up now, will keep an eye on it throughout the day as I do more of these.

TomDay
Release Candidate Programs Tester

@lawinski Seems that the message I posted earlier is now gone after making the recommended change, but I got a different message this time (below). I was thinking the setting we changed earlier would take care of everything Jamf, am I missing something?

"jamf wants access to control system events"

lawinski
New Contributor III

Well, the profile only grants access to files. I do not know what your script does but it seems you are trying to send system events to other applications. You would need to allow Jamf to do that as well.

You can do this via a PPPC profile in Jamf. Sender would be /usr/local/jamf/bin/jamf. However I do not know the receiver.

Some documentation can be found here: https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services/identity

TomDay
Release Candidate Programs Tester

@lawinski Continued monitoring shows that my original issue is resolved, I greatly appreciate your tip on that Jamf setting. Going to mark this as resolved and continue to hammer away at my other issue as my current profile I am using built from the PPPC is skipping a few things it looks like.

_gsm
New Contributor III

@TomDay I'm actually in the planning stages of a hardware refresh and working on a script to transfer data. Do you mind sharing what you use?

TomDay
Release Candidate Programs Tester

for sure @_gsm

#!/bin/sh

# Log file that is opened in Console below so progress can be watched
status="/tmp/sync_log.log"
touch "$status"

# Log a message, restore the sleep setting and stop
abort() {
    echo "$1" | tee -a "$status"
    /usr/sbin/systemsetup -setcomputersleep 120
    exit 1
}

sudo systemsetup -setcomputersleep Never
sleep 2

#Ask for username
# Note: this sends an Apple Event from the jamf binary to System Events,
# which is a separate PPPC permission (AppleEvents) from file access
user="$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter username to move 
Click OK and grab some coffee!" default answer "" with title "Username" with text buttons {"Ok"} default button 1' -e 'text returned of result')"
sleep 2

# Stop on an empty or path-like username, or a missing source home folder;
# otherwise the rm and rsync paths below would reach outside one user's home
case "$user" in
    ""|*/*|.*) abort "Invalid username: '$user'" ;;
esac
[ -d "/Volumes/Macintosh HD 1/Users/$user" ] || abort "Source home folder for $user not found"

#open Console with syncLog
open "$status"
sleep 2

#Remove Office 2011 Data
rm -fRv "/Volumes/Macintosh HD 1/Users/$user/Documents/Microsoft User Data/Office 2011 Identities/" | tee -a "$status"
sleep 2

#Remove Office 2016 Data (the glob stays outside the quotes so it still expands)
rm -fRv "/Volumes/Macintosh HD 1/Users/$user/Library/Group Containers/"UBF8T346G9.* | tee -a "$status"
sleep 2

#empty Trash
rm -fRv "/Volumes/Macintosh HD 1/Users/$user/.Trash" | tee -a "$status"
sleep 2


#Sync Data
rsync -avP --progress --stats "/Volumes/Macintosh HD 1/Users/$user/" "/Users/$user/" | tee -a "$status"
sleep 2

#Repair Permissions
chown -R "$user" "/Users/$user/" | tee -a "$status"
sleep 2

/usr/sbin/systemsetup -setcomputersleep 120 | tee -a "$status"
#sleep 2

echo "Copy complete..."
sleep 1
echo "Transfer Completed Successfully..."

#Prompt Team that transfer was complete
USER=$(who | grep console | awk '{print $1}')

"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -title "Data Migration Utility " -heading "Data Migration Status" -alignHeading center -description "Data transfer has completed, check and compare the sizes of both HDDs while I make this user an admin of this laptop." -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarInfo.icns -button1 "OK" -button2 "Cancel" -defaultButton 1 -cancelButton 2
# Save the exit code at once: jamfHelper returns 0 for button 1 (OK) and 2 for button 2 (Cancel)
result=$?

# If the user clicks OK, carry on to the cleanup below
if [ "$result" = "0" ]; then
    echo "Thank you!"

# if the user clicks cancel
elif [ "$result" = "2" ]; then
    echo "Thank You."
    exit 1
fi

sleep 2

killall Console

killall "Self Service"

exit 0