jamfAgent in Accessibility

roethelbc
New Contributor III

I am currently using AppleScripts to allow users to run a policy in Self Service to reset their AD password, to help resolve keychain sync issues. However, when I run the policy it gets blocked by Security & Privacy. I am looking for a way to enable the check box for jamfAgent. I have read on other forums about using Terminal to modify the database; however, I am unsure of what exactly I need to be adding to this to make it work. Thanks all.

6 REPLIES

jacob_salmela
Contributor II

I have had success with a command like this to add items into the Accessibility database:

sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','/usr/sbin/jamfAgent',0,1,1,NULL)"

Command line utilities don't usually show up with a checkbox in the GUI panel of Security and Privacy, but if you read the database, it should show as being in there.

sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "SELECT * from access"

roethelbc
New Contributor III

I see how that adds the item to the database. The issue I am having is that I need to have the app checked to allow it to run. If it is just sitting there, nothing happens and the AppleScript does not work.

roethelbc
New Contributor III

Never mind, if I change the last parameters from ,0,1,1, to 1,1,1, it will load the agent with the checkbox enabled.

jacob_salmela
Contributor II

Interesting. I was able to do this, too.

This command does work to allow the checkbox:

sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','/usr/sbin/jamfAgent',1,1,1,NULL)"

jhbush
Valued Contributor II

@jacob_salmela thanks for posting tccutil. https://github.com/jacobsalmela/tccutil works very well for this kind of thing.

jacob_salmela
Contributor II

@jhbush1973 I'm glad it worked for you. I made that utility shortly after this post was created. If you do run into any problems, let me know.
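
An audit of Accessibility grants over the two rows discussed in this thread, as an added example that is not part of the original posts and is not tccutil's code. It assumes the six values in the INSERT map to the column names below and that the third value is the client type (0 for a bundle identifier, 1 for an absolute path); the database is a constructed in-memory stand-in, and the `com.example.*` rows are made up.

```python
import sqlite3

# Assumed schema: column names chosen to match the six values in the
# thread's INSERT statements (service, client, client_type, allowed, ...).
SCHEMA = """CREATE TABLE access (
    service TEXT NOT NULL, client TEXT NOT NULL, client_type INTEGER NOT NULL,
    allowed INTEGER NOT NULL, prompt_count INTEGER NOT NULL, csreq BLOB,
    PRIMARY KEY (service, client, client_type))"""


def build_sample_db():
    """Constructed in-memory stand-in for TCC.db; nothing is read from a real Mac."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    rows = [
        # Row from the first command in the thread (third value 0).
        ("kTCCServiceAccessibility", "/usr/sbin/jamfAgent", 0, 1, 1, None),
        # Row from the command reported to enable the checkbox (third value 1).
        ("kTCCServiceAccessibility", "/usr/sbin/jamfAgent", 1, 1, 1, None),
        # Constructed rows so the audit has something to filter and report.
        ("kTCCServiceAccessibility", "com.example.helper", 0, 0, 1, None),
        ("kTCCServiceAddressBook", "com.example.mail", 0, 1, 1, None),
    ]
    db.executemany("INSERT OR REPLACE INTO access VALUES (?,?,?,?,?,?)", rows)
    return db


def audit_accessibility(db):
    """Return (client, client_type, status) for every Accessibility row.

    status is "mismatch" when a path-style client is stored with the
    bundle-identifier type (or the reverse), else "granted" or "denied".
    """
    findings = []
    query = ("SELECT client, client_type, allowed FROM access "
             "WHERE service = 'kTCCServiceAccessibility' "
             "ORDER BY client, client_type")
    for client, client_type, allowed in db.execute(query):
        is_path = client.startswith("/")
        if is_path != (client_type == 1):
            status = "mismatch"
        else:
            status = "granted" if allowed else "denied"
        findings.append((client, client_type, status))
    return findings


if __name__ == "__main__":
    for finding in audit_accessibility(build_sample_db()):
        print(finding)
```
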