JamfAgent would like to administer your computer...

ooshnoo
Valued Contributor

I'm getting this message on 10.14 Macs even though the Privacy Preferences Policy Control profile is installed.

Anyone got any ideas as to why it keeps popping up despite the Privacy Policy profile is installed? I also have the JamfAppleEvents.mobileconfig profile installed, and still see the popup.

fd487feeaeb04a568e74bfa512d90280

11 REPLIES 11

Hugonaut
Valued Contributor II

This is the config you're referring to correct? It should 100% work. Works for out Mojave machines

https://github.com/jamf/JamfPrivacyPreferencePolicyControlProfiles/blob/master/JamfAppleEvents.mobil...

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

ooshnoo
Valued Contributor

Yes. that is the profile I'm using.

Hugonaut
Valued Contributor II

User Approved MDM? or DEP? - if User Approved is the MDM Approved? (Kind of a stupid question being Mojave, I know we're all using DEP but just making sure the profiles approved) - & you've looked through the console logs?

If that's approved, im out of ideas and if nobody else here has any input, I'd reach out to your Jamf Buddy / one of the engineers to troubleshoot, that really really really should not be happening haha

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

allanp81
Valued Contributor

I'm still seeing this on 10.14.5 on machines that have the config profile installed.

MikaelDez
Contributor

I'm getting this message when pushing a policy that updates our McAfee agent. How do I implement this config file so that end users don't receive this message?

gabester
Contributor III

I get

"Jamf" would like to administer your 
computer. Administration can include 
modifying passwords, networking, and 
system settings."  [ Don't Allow ] [ OK ]

8315c196a0bc4995ac1968852f3cd230

I think I need to do something with PPPC but I'm not sure what.

allanp81
Valued Contributor

Have you got MDM applied by that point? As in what's triggering that question?

gabester
Contributor III

@allanp81 Getting back to this, it's during our main setup after enrollment/MDM, once Self Service gets installed. So, basically step 2 (with step 1 being enroll) - there are about two dozen apps and two dozen scripts that get applied and I think this is one of the scripts. Looking at the content of /Library/Application Support/JAMF/tmp it LOOKS like part of my logic to transfer SecureToken to a newly created local admin account where I'm setting the user's icon. Specifically this is the block of code JAMF is executing:

#$4=username $5=userpw $9=UID $path=/Library/User Pictures/Fun/Gingerbread Man.tif
/usr/bin/dscl localhost -delete /Local/Default/Users/$4
/bin/sleep 5
/bin/rm -Rf /Users/$4
SETUPUSER=$(/usr/sbin/sysadminctl -addUser $4 -password $5 -admin -UID $9 -fullName "$4" -picture "$path" 2>&1)

In my book I'm going to chalk this up to an instance of Apple making Catalina (and likely Bug Sir) a little too much like Windows Vista.

allanp81
Valued Contributor

That's a good analogy, the UAC prompting in Vista was another reason why most avoided it like the plague. I haven't tried Big Sur yet to see if it's even worse.

gabester
Contributor III

I'm still plagued with this on the devices I can't use with ABM yet... there's a similarly dead-ended thread here:

https://www.jamf.com/jamf-nation/discussions/36876/jamf-would-like-to-administer-your-computer

I've tried everything including tearing my hair out to no avail. In my case a script called in a policy that's running sysadminctl to add a securetoken to a user seems to be generating this prompt; I've taken that standard JamfAppleEvents.mobileconfig and added sysadminctl with allowed accessibility, admin files, all files (since it specifically seems to hang on creating a new home folder for the user.) I deduced this from getting the contents of the policy output from /Application Support/JAMF/tmp/POLICY##.tmp and that was the next line that appeared AFTER I clicked OK.

I am seeing the same exact pop up, using a sysadminctl script...one would think there is a PPPC profile for this, but what?