Skip to main content
Question

Location Services can't be managed?

  • February 23, 2021
  • 14 replies
  • 176 views
P
Forum|alt.badge.img+13

I've noticed there isn't an option to force the enablement of Location Services on a Mac. I've opened a ticket with Apple and they said this is by design for privacy. I can completely understand that on a personally owned Mac, but for a corporate owned asset, we should have full access to the device in case it's lost or stolen and we can tell the last place it was, which means enabling location and not letting someone turn it off. People don't have any expectations of privacy with work computers and things like email or what applications are installed, I don't understand why Apple is drawing a line in the sand with location.

Am I crazy for thinking this should be an MDM option?

    14 replies

    U
    Forum|alt.badge.img+1
    • user-ospPzNdxVB
    • New Contributor
    • 3 replies
    • February 23, 2021

    I think the problem is that basically anything you can enable via Jamf and MDM is something that can be done via a profile or potentially a script to any device. So if they were to build in a mechanism for organisations to use it could be abused and used on personal devices by malicious people.

    easyedc
    Forum|alt.badge.img+16
    • easyedc
    • Esteemed Contributor
    • 631 replies
    • February 23, 2021

    You've actually hit the nail on the head for quite a few things. If a device is enrolled into ABM via an authorized VAR, and then enrolled into an MDM, it should be able to control a few corporate requirements. Apple has taken personal privacy and applied it to corporate environments. But Apple is enterprise friendly. Just ask them.

    U
    Forum|alt.badge.img+1
    • user-ospPzNdxVB
    • New Contributor
    • 3 replies
    • February 23, 2021

    @easyedc I suppose the way to achieve that is to make location services something that is manageable if the device is 'supervised' because then that would generally be done via DEP or having a supervision identity on it however supervision identities can be installed offline using Apple Configurator.

    P
    Forum|alt.badge.img+13
    • PhillyPhoto
    • Author
    • Valued Contributor
    • 217 replies
    • February 24, 2021

    I have it as one of the few setup options available to the end user in hopes they will enable it. I'm fine with having Supervision being a prerequisite, but the option should be available.

    J
    Forum|alt.badge.img+10
    • j_meister
    • Valued Contributor
    • 71 replies
    • June 2, 2021

    Is there a way to enable the Location Services for supervised iPads with iOS 14.6? Or is this still not possible?

    J
    Forum|alt.badge.img+9
    • JureJerebic
    • Contributor
    • 44 replies
    • March 15, 2022

    Is this still the case, that Location Services cannot be turned on on Macs via a configuration profile or a policy? Asking because we want to go zero-touch and would like to enforce this and skip the step in the Setup Assistant.

    J
    Forum|alt.badge.img+9
    • JureJerebic
    • Contributor
    • 44 replies
    • May 27, 2022

    Is this still the case, that Location Services cannot be turned on on Macs via a configuration profile or a policy? Asking because we want to go zero-touch and would like to enforce this and skip the step in the Setup Assistant.


    FYI, it is possible to enforce it via a policy, we have it now deployed

    J
    Forum|alt.badge.img+10
    • j_meister
    • Valued Contributor
    • 71 replies
    • May 27, 2022

    FYI, it is possible to enforce it via a policy, we have it now deployed


    That sounds very interesting, do you have more details for us, please?

    J
    Forum|alt.badge.img+9
    • JureJerebic
    • Contributor
    • 44 replies
    • May 27, 2022

    That sounds very interesting, do you have more details for us, please?


    The script below sets the time according to the current location, and the first part of it is also turning on the location services: 

    #!/bin/bash

    ## enabling location services
    /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -int 1

    uuid=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Hardware UUID" | cut -c22-57)
    /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd.$uuid LocationServicesEnabled -int 1

    ## configure automatic timezone
    /usr/bin/defaults write /Library/Preferences/com.apple.timezone.auto Active -bool YES
    /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeOnlyEnabled -bool YES
    /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeZoneEnabled -bool YES
    /usr/sbin/systemsetup -setusingnetworktime on
    /usr/sbin/systemsetup -gettimezone
    /usr/sbin/systemsetup -getnetworktimeserver

    ## locking the system preferences -> Date & Time
    security authorizationdb write system.preferences.datetime admin

    Steven_Xu
    Forum|alt.badge.img+7
    • Steven_Xu
    • Contributor
    • 47 replies
    • July 24, 2022

    I use this script to enable location service on Monterey, but reboot is required.

    #!/bin/zsh # 2.5.3 Enable Location Service, reboot is required enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled) if [ ! $enabled = "1" ]; then echo "location service is not enabled, enable now, reboot is required." sudo -u "_locationd" defaults -currentHost write "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled -int 1 else echo "location service already enabled." fi

     

    J
    Forum|alt.badge.img+10
    • j_meister
    • Valued Contributor
    • 71 replies
    • July 26, 2022

    I use this script to enable location service on Monterey, but reboot is required.

    #!/bin/zsh # 2.5.3 Enable Location Service, reboot is required enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled) if [ ! $enabled = "1" ]; then echo "location service is not enabled, enable now, reboot is required." sudo -u "_locationd" defaults -currentHost write "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled -int 1 else echo "location service already enabled." fi

     


    Thanks Steven, I have to test this on one of our machines.

    T
    Forum|alt.badge.img+1
    • taniguti
    • New Contributor
    • 2 replies
    • August 13, 2022

    I use this script to enable location service on Monterey, but reboot is required.

    #!/bin/zsh # 2.5.3 Enable Location Service, reboot is required enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled) if [ ! $enabled = "1" ]; then echo "location service is not enabled, enable now, reboot is required." sudo -u "_locationd" defaults -currentHost write "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled -int 1 else echo "location service already enabled." fi

     


    After that, `kill -HUP "$( pgrep locationd)"`. and no need restart system.

    P
    Forum|alt.badge.img+6
    • Phatmandrake1
    • New Contributor
    • 5 replies
    • March 6, 2023

    The script below sets the time according to the current location, and the first part of it is also turning on the location services: 

    #!/bin/bash

    ## enabling location services
    /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -int 1

    uuid=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Hardware UUID" | cut -c22-57)
    /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd.$uuid LocationServicesEnabled -int 1

    ## configure automatic timezone
    /usr/bin/defaults write /Library/Preferences/com.apple.timezone.auto Active -bool YES
    /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeOnlyEnabled -bool YES
    /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeZoneEnabled -bool YES
    /usr/sbin/systemsetup -setusingnetworktime on
    /usr/sbin/systemsetup -gettimezone
    /usr/sbin/systemsetup -getnetworktimeserver

    ## locking the system preferences -> Date & Time
    security authorizationdb write system.preferences.datetime admin


    How are you skipping the step in set-up assistant? PreStage Enrollment doesn't seem to allow it, and the policy would be run until after enrollment complete.

    stephaniemm77
    Forum|alt.badge.img+5
    • stephaniemm77
    • Contributor
    • 68 replies
    • June 27, 2023

    FYI, it is possible to enforce it via a policy, we have it now deployed


    Thank you

     


    Terms & ConditionsCookie settingsAccessibility statement