I am currently using AppleScripts to allow users to run a policy in Self Service to reset their AD password, to help resolve keychain sync issues. However, when I run the policy it gets blocked by Security&Privacy. I am looking for a way to enable the check box for jamfAgent. I have read on other forums about using terminal to modify the database, however, I am unsure of what exactly I need to be adding to this to make it work. Thanks all.
Question
jamfAgent in Accessibility
+6
+13I have had success with a command like this to add items into the Accessiblity database:
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','/usr/sbin/jamfAgent',0,1,1,NULL)"Command line utilities don't usually show up with a checkbox in the GUI panel of Security and Privacy, but if you read the database, it should show as being in there.
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "SELECT * from access"I see how that adds the item to the database. The issue I am having is that I need have the app checked to allow it to run. If it is just sitting there nothing happens and the apple script does not work.
+6Never mind, if I change the last parameters from ,0,1,1, to 1,1,1, it will load the agent with the checkbox enabled.
+13Interesting. I was able to do this, too.
This command does work to allow the checkbox:
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','/usr/sbin/jamfAgent',1,1,1,NULL)"
+27@jacob_salmela thanks for posting tccutil https://github.com/jacobsalmela/tccutil works very well for this kind of thing.
+13@jhbush1973 I'm glad it worked for you. I made that utility shortly after this post was created. If you do run into any problems, let me know.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.