Posted on 07-10-2014 08:46 AM
I am currently using AppleScripts to allow users to run a policy in Self Service to reset their AD password, to help resolve keychain sync issues. However, when I run the policy it gets blocked by Security&Privacy. I am looking for a way to enable the check box for jamfAgent. I have read on other forums about using terminal to modify the database, however, I am unsure of what exactly I need to be adding to this to make it work. Thanks all.
Posted on 07-10-2014 08:58 AM
I have had success with a command like this to add items into the Accessiblity database:
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','/usr/sbin/jamfAgent',0,1,1,NULL)"
Command line utilities don't usually show up with a checkbox in the GUI panel of Security and Privacy, but if you read the database, it should show as being in there.
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "SELECT * from access"
Posted on 07-10-2014 09:46 AM
I see how that adds the item to the database. The issue I am having is that I need have the app checked to allow it to run. If it is just sitting there nothing happens and the apple script does not work.
Posted on 07-10-2014 09:48 AM
Never mind, if I change the last parameters from ,0,1,1, to 1,1,1, it will load the agent with the checkbox enabled.
Posted on 07-10-2014 09:52 AM
Interesting. I was able to do this, too.
This command does work to allow the checkbox:
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','/usr/sbin/jamfAgent',1,1,1,NULL)"
Posted on 08-01-2014 01:28 PM
@jacob_salmela thanks for posting tccutil https://github.com/jacobsalmela/tccutil works very well for this kind of thing.
Posted on 08-02-2014 09:59 AM
@jhbush1973 I'm glad it worked for you. I made that utility shortly after this post was created. If you do run into any problems, let me know.