Posted on 05-26-2020 11:46 AM
I'm looking for a way to see what apps have been given access to Privacy settings under the Security & Privacy menu on user machines.
Example: Our remote support tool, ScreenConnect, has to be added to the "Accessibility" pane of the Privacy menu in System Preferences in order for us to control machines remotely.
I'm wondering if there's an extension attribute or script that will allow me to see every app that's been added to the Privacy menu and the specific privileges given to those apps.
Any help is appreciated!
Posted on 05-27-2020 12:43 PM
I made a script / EA based on Graham Pugh's "Get a list of Third Party Kexts" except I'm reading the TCC.db files instead of KextPolicy - https://gist.github.com/grahampugh/eef17aecd4c37d1c17a23b3a1b40a3b4
Thanks @grahamrpugh !
Remove sudo if you're uploading to Jamf
#!/bin/bash
# Original Script - Get a list of Third Party Kexts by Graham Pugh
# https://gist.github.com/grahampugh/eef17aecd4c37d1c17a23b3a1b40a3b4
# Modified by Moe Munyoki to to read the system and logged-in user's TCC DB
# Get the logged-in user with the stat command
loggedInUser=$( stat -f %Su /dev/console )
# Read TCC DB
systemTCC="$( sudo /usr/bin/sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "SELECT service,client,allowed from access" )"
userTCC="$( sudo /usr/bin/sqlite3 "/Users/$loggedInUser/Library/Application Support/com.apple.TCC/TCC.db" "SELECT service,client,allowed from access" )"
## Output result in EA format
# 1st version is too long and not suitable for an extension attribute
#echo "<result>"
#echo "System TCC DB"
# while IFS='|' read service client allowed ; do
# echo " "service": "${service}","
# echo " "client": "${client}","
# echo " "allowed": "${allowed}""
# echo " -"
# done <<< "${systemTCC}"
#echo "$loggedInUser's TCC DB"
# while IFS='|' read service client allowed ; do
# echo " "service": "${service}","
# echo " "client": "${client}","
# echo " "allowed": "${allowed}""
# echo " -"
# done <<< "${userTCC}"
#echo "</result>"
#
#exit 0
# 2nd version uses 1 line per entry and removes unnecessary characters so it's easier to display in an extension attribute or computer search.
echo "<result>"
echo "System TCC DB"
echo "Service, Client, Allowed"
while IFS='|' read service client allowed ; do
echo "${service}, ${client}, ${allowed}"
done <<< "${systemTCC}"
echo ""
echo "$loggedInUser's TCC DB"
echo "Service, Client, Allowed"
while IFS='|' read service client allowed ; do
echo "${service}, ${client}, ${allowed}"
done <<< "${userTCC}"
echo "</result>"
Here's a sample of the output. I erase-installed macOS last week so I don't have that many entries:
System TCC DB
Service, Client, Allowed
kTCCServiceSystemPolicyAllFiles, com.malwarebytes.mbam.rtprotection.daemon, 0
kTCCServiceSystemPolicyAllFiles, com.krill.CodeRunner, 0
kTCCServiceSystemPolicyAllFiles, net.sourceforge.grandperspectiv, 0
kTCCServiceSystemPolicyAllFiles, us.zoom.xos, 0
kTCCServicePostEvent, com.apple.screensharing.agent, 1
kTCCServiceScreenCapture, com.apple.screensharing.agent, 1
kTCCServiceAccessibility, /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/Support/AEServer, 0
kTCCServiceSystemPolicyAllFiles, com.cisco.webexmeetingsapp, 0
$loggedInUser's TCC DB
Service, Client, Allowed
kTCCServiceSystemPolicyDesktopFolder, com.mothersruin.SuspiciousPackageApp, 1
kTCCServiceSystemPolicyDownloadsFolder, com.mothersruin.SuspiciousPackageApp, 1
kTCCServiceSystemPolicyDocumentsFolder, com.mothersruin.SuspiciousPackageApp, 1
kTCCServiceSystemPolicyDesktopFolder, net.sourceforge.grandperspectiv, 1
kTCCServiceReminders, net.sourceforge.grandperspectiv, 0
kTCCServiceSystemPolicyDocumentsFolder, net.sourceforge.grandperspectiv, 1
kTCCServiceSystemPolicyDownloadsFolder, net.sourceforge.grandperspectiv, 1
kTCCServiceUbiquity, com.barebones.bbedit, 1
kTCCServiceSystemPolicyDownloadsFolder, us.zoom.xos, 0
kTCCServiceMicrophone, us.zoom.xos, 0
kTCCServiceCamera, com.microsoft.rdc.macos, 1
kTCCServiceMicrophone, com.microsoft.rdc.macos, 1
kTCCServiceCamera, com.microsoft.teams, 1
kTCCServiceUbiquity, com.apple.TextEdit, 1
kTCCServiceUbiquity, com.apple.weather, 1
kTCCServiceUbiquity, com.apple.mail, 1