Also in this situation for MS Teams. Would like to know if there is a solution for this.
Same situation here for Zoom. Any insight into how to make this work yet?
I ended up putting in a Jamf support ticket on this. Went back and forth a little, it got escalated. In the end, their final answer was that it's an intentional limitation on Apple's end that MDM's do not have the ability to do this. Pretty sure their reasoning is privacy. Which I get, but still..
I believe our network admin who is mainly doing the Zoom phone transition/integration said you can configure Zoom Phone admin settings to associate different subnets with different building locations. So if they're calling 911 with Zoom Phone on a Mac, it will look at their subnet and pull 911 location that way. This was the best we were able to do.
I ended up putting in a Jamf support ticket on this. Went back and forth a little, it got escalated. In the end, their final answer was that it's an intentional limitation on Apple's end that MDM's do not have the ability to do this. Pretty sure their reasoning is privacy. Which I get, but still..
I believe our network admin who is mainly doing the Zoom phone transition/integration said you can configure Zoom Phone admin settings to associate different subnets with different building locations. So if they're calling 911 with Zoom Phone on a Mac, it will look at their subnet and pull 911 location that way. This was the best we were able to do.
Our MS Teams admin does the same thing. However this doesn't help the home office users, which relies on location services. The only thing I can think of is instructing the users to enable this on their own.
Our MS Teams admin does the same thing. However this doesn't help the home office users, which relies on location services. The only thing I can think of is instructing the users to enable this on their own.
Makes sense. We've pulled admin rights so unfortunately not an option for us :\\
We actually got the same responses from Jamf/Apple when asking for better ways to do this other than "give the users admin rights and have them enable the app location manually". We had the need to enable location services for Teams (and Teams Helper) for our E911 calling. Not satisfied with those responses I dug deeper and found a way to 100% automate enabling app location services. This script is for Teams and Teams Helper, but you can review the queried file and substitute in whatever app you need (Chrome, Zoom, etc). macOS Ventura adds a GUID to the file entries so there are pre-macOS 13 and post-macOS 13 sections of the script.
First, we check if location services is enabled, if yes we continue, if not we call a different script to enable it (you will have to replace that jamf policy statement on Line 33 with the commands to enable location services listed at the beginning of this whole thread).
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Teams and Teams helper to enable them.
# REFS: N/A
#
# Author: Bill Addis
#
# HISTORY
# - v.0.0: discovery of appropriate directories and files for manipulation
# - v.1.0: initial script upload
# - v.1.1: added additional logging, as well as error checking to ensure the plist exists before manipulation
# - v.1.1: discovered+fixed a bug where if an end-user manually DISABLES Teams from using location services, the "authorized key" disappears and cannot be set
# - v.1.2: Adding an initial check at the top to see if location services for MacOS are enabled
# - v.1.3: Updated to account for changes in macOS Ventura
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
# UPDATE THIS LINE TO ACTUALLY ENABLE LOCATION SERVICES
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
key1=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | head -1)
key2=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | tail -1)
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print $key1" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print $key2" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :$key1:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$key1:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :$key1:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :$key2:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$key2:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :$key2:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
else
echo "Executing for macOS 12 or less..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $? From there, we created an extension attribute to read/report on whether or not Teams location services are enabled and just have this policy set to run this script Ongoing/Recurring Check-in/All Managed Clients (exclude smart group of machines with Teams location enabled created via the ext. attribute).
Extension attribute (we named it Teams Location Services Enabled):
#!/bin/bash
osVers=$(sw_vers -productVersion)
if [[ "$osVers" == *13* ]] ; then
key1=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | head -1)
key2=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | tail -1)
teamsapp_location=$(/usr/LibExec/PlistBuddy -c "Print :$key1:Authorized" /var/db/locationd/clients.plist)
teamshelper_location=$(/usr/LibExec/PlistBuddy -c "Print :$key2:Authorized" /var/db/locationd/clients.plist)
else
teamsapp_location=$(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams:Authorized" /var/db/locationd/clients.plist)
teamshelper_location=$(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper:Authorized" /var/db/locationd/clients.plist)
fi
if [[ $teamshelper_location == "true" ]] && [[ $teamsapp_location == "true" ]]; then
echo "<result>true</result>"
else
echo "<result>false</result>"
fi
exit 0
We actually got the same responses from Jamf/Apple when asking for better ways to do this other than "give the users admin rights and have them enable the app location manually". We had the need to enable location services for Teams (and Teams Helper) for our E911 calling. Not satisfied with those responses I dug deeper and found a way to 100% automate enabling app location services. This script is for Teams and Teams Helper, but you can review the queried file and substitute in whatever app you need (Chrome, Zoom, etc). macOS Ventura adds a GUID to the file entries so there are pre-macOS 13 and post-macOS 13 sections of the script.
First, we check if location services is enabled, if yes we continue, if not we call a different script to enable it (you will have to replace that jamf policy statement on Line 33 with the commands to enable location services listed at the beginning of this whole thread).
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Teams and Teams helper to enable them.
# REFS: N/A
#
# Author: Bill Addis
#
# HISTORY
# - v.0.0: discovery of appropriate directories and files for manipulation
# - v.1.0: initial script upload
# - v.1.1: added additional logging, as well as error checking to ensure the plist exists before manipulation
# - v.1.1: discovered+fixed a bug where if an end-user manually DISABLES Teams from using location services, the "authorized key" disappears and cannot be set
# - v.1.2: Adding an initial check at the top to see if location services for MacOS are enabled
# - v.1.3: Updated to account for changes in macOS Ventura
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
# UPDATE THIS LINE TO ACTUALLY ENABLE LOCATION SERVICES
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
key1=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | head -1)
key2=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | tail -1)
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print $key1" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print $key2" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :$key1:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$key1:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :$key1:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :$key2:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$key2:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :$key2:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
else
echo "Executing for macOS 12 or less..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $? From there, we created an extension attribute to read/report on whether or not Teams location services are enabled and just have this policy set to run this script Ongoing/Recurring Check-in/All Managed Clients (exclude smart group of machines with Teams location enabled created via the ext. attribute).
Extension attribute (we named it Teams Location Services Enabled):
#!/bin/bash
osVers=$(sw_vers -productVersion)
if [[ "$osVers" == *13* ]] ; then
key1=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | head -1)
key2=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | tail -1)
teamsapp_location=$(/usr/LibExec/PlistBuddy -c "Print :$key1:Authorized" /var/db/locationd/clients.plist)
teamshelper_location=$(/usr/LibExec/PlistBuddy -c "Print :$key2:Authorized" /var/db/locationd/clients.plist)
else
teamsapp_location=$(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams:Authorized" /var/db/locationd/clients.plist)
teamshelper_location=$(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper:Authorized" /var/db/locationd/clients.plist)
fi
if [[ $teamshelper_location == "true" ]] && [[ $teamsapp_location == "true" ]]; then
echo "<result>true</result>"
else
echo "<result>false</result>"
fi
exit 0
How are you writing to /var/db/locationd ?
I get operation not permitted no matter the method.
How are you writing to /var/db/locationd ?
I get operation not permitted no matter the method.
Are you trying to run the script via a Jamf policy? That should have full rights to do anything. If you are running the sh locally it would need sudo and probably have to give Terminal (or whatever is executing) full disk access in PPPC settings. Maybe attach a log of what you're getting and it will help. Thanks.
Are you trying to run the script via a Jamf policy? That should have full rights to do anything. If you are running the sh locally it would need sudo and probably have to give Terminal (or whatever is executing) full disk access in PPPC settings. Maybe attach a log of what you're getting and it will help. Thanks.
Thank you much! I was testing out of my terminal and completely forgot about it not having Disk Access enabled for it. I rewrote the JAMF policy execution from,
jamf policy -event locationto
sudo -u "_locationd" defaults -currentHost write "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled -int 1It appears to be working well for what we need thank you for sharing your solution.
Thank you much! I was testing out of my terminal and completely forgot about it not having Disk Access enabled for it. I rewrote the JAMF policy execution from,
jamf policy -event locationto
sudo -u "_locationd" defaults -currentHost write "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled -int 1It appears to be working well for what we need thank you for sharing your solution.
Great, I'm glad it was helpful to you! The location entries do not show up until the app has been opened for the first time, so we have our policy set to run Ongoing at recurring check-in for all machines (excluding machines that already have it enabled; via the extension attribute inventory). Running this just once during a build/provision probably won't work correctly since the apps will not have been opened.
We actually got the same responses from Jamf/Apple when asking for better ways to do this other than "give the users admin rights and have them enable the app location manually". We had the need to enable location services for Teams (and Teams Helper) for our E911 calling. Not satisfied with those responses I dug deeper and found a way to 100% automate enabling app location services. This script is for Teams and Teams Helper, but you can review the queried file and substitute in whatever app you need (Chrome, Zoom, etc). macOS Ventura adds a GUID to the file entries so there are pre-macOS 13 and post-macOS 13 sections of the script.
First, we check if location services is enabled, if yes we continue, if not we call a different script to enable it (you will have to replace that jamf policy statement on Line 33 with the commands to enable location services listed at the beginning of this whole thread).
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Teams and Teams helper to enable them.
# REFS: N/A
#
# Author: Bill Addis
#
# HISTORY
# - v.0.0: discovery of appropriate directories and files for manipulation
# - v.1.0: initial script upload
# - v.1.1: added additional logging, as well as error checking to ensure the plist exists before manipulation
# - v.1.1: discovered+fixed a bug where if an end-user manually DISABLES Teams from using location services, the "authorized key" disappears and cannot be set
# - v.1.2: Adding an initial check at the top to see if location services for MacOS are enabled
# - v.1.3: Updated to account for changes in macOS Ventura
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
# UPDATE THIS LINE TO ACTUALLY ENABLE LOCATION SERVICES
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
key1=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | head -1)
key2=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | tail -1)
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print $key1" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print $key2" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :$key1:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$key1:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :$key1:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :$key2:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$key2:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :$key2:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
else
echo "Executing for macOS 12 or less..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $? From there, we created an extension attribute to read/report on whether or not Teams location services are enabled and just have this policy set to run this script Ongoing/Recurring Check-in/All Managed Clients (exclude smart group of machines with Teams location enabled created via the ext. attribute).
Extension attribute (we named it Teams Location Services Enabled):
#!/bin/bash
osVers=$(sw_vers -productVersion)
if [[ "$osVers" == *13* ]] ; then
key1=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | head -1)
key2=$(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | tail -1)
teamsapp_location=$(/usr/LibExec/PlistBuddy -c "Print :$key1:Authorized" /var/db/locationd/clients.plist)
teamshelper_location=$(/usr/LibExec/PlistBuddy -c "Print :$key2:Authorized" /var/db/locationd/clients.plist)
else
teamsapp_location=$(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams:Authorized" /var/db/locationd/clients.plist)
teamshelper_location=$(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper:Authorized" /var/db/locationd/clients.plist)
fi
if [[ $teamshelper_location == "true" ]] && [[ $teamsapp_location == "true" ]]; then
echo "<result>true</result>"
else
echo "<result>false</result>"
fi
exit 0
willamaddis - this is a big help as we are just having to deal with the same thing for our E911 now. EA works fine but I just can't seem to get the script to do its thing. Not sure if the name change to Teams classic and Teams Work and School require any adjustments or if it is a Sonoma thing? (with the executing for macOS 12 or less piece)
This is what I get:
Executing for macOS 12 or less... /var/db/locationd/clients.plist already exists! Moving on... Current key values for teams app and teams helper: Print: Entry, ":com.microsoft.teams2", Does Not Exist Print: Entry, ":com.microsoft.teams2.helper", Does Not Exist ================================= Set: Entry, ":com.microsoft.teams2:Authorized", Does Not Exist Authorized key seems to be missing...re-adding the key Adding 'authorized' key for Teams app location services returned: 0 Setting Teams app location services returned: 0 Set: Entry, ":com.microsoft.teams2.helper:Authorized", Does Not Exist Authorized key seems to be missing...re-adding the key Adding 'authorized' key for Teams helper location services returned: 0 Enabling Teams helper location services returned: 0
willamaddis - this is a big help as we are just having to deal with the same thing for our E911 now. EA works fine but I just can't seem to get the script to do its thing. Not sure if the name change to Teams classic and Teams Work and School require any adjustments or if it is a Sonoma thing? (with the executing for macOS 12 or less piece)
This is what I get:
Executing for macOS 12 or less... /var/db/locationd/clients.plist already exists! Moving on... Current key values for teams app and teams helper: Print: Entry, ":com.microsoft.teams2", Does Not Exist Print: Entry, ":com.microsoft.teams2.helper", Does Not Exist ================================= Set: Entry, ":com.microsoft.teams2:Authorized", Does Not Exist Authorized key seems to be missing...re-adding the key Adding 'authorized' key for Teams app location services returned: 0 Setting Teams app location services returned: 0 Set: Entry, ":com.microsoft.teams2.helper:Authorized", Does Not Exist Authorized key seems to be missing...re-adding the key Adding 'authorized' key for Teams helper location services returned: 0 Enabling Teams helper location services returned: 0
Actually yes, Sonoma brought about some interesting changes to the format of the plist, including adding an "i" to the beginning, lol. So its icom.microsoft.teams2, for example. I've updated the script since it was originally posted to now recursively handle all Teams instances ("classic" teams and "new" teams). The extension attribute has been updated as well to simply show the true/false values for any Teams instance on the machine so you can basically just create a smart group based on if the extension attribute contains "false" and then have the location enable script automated to run on those.
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Teams and Teams helper to enable them.
# REFS: N/A
#
# HISTORY
# - v.1.5 Bill Addis, Sep 15, 2023: Added for loop to update all Teams location entries (old Teams and new)
# - v.1.6 Bill Addis, Oct 23, 2023: Added support for Sonoma. Updated script to loop for all Teams versions
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *12* ]] ; then
echo "Executing for macOS 12 Monterey..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}');
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Teams location services
/usr/LibExec/PlistBuddy -c "Set :$i:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//");
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Teams location services
/usr/LibExec/PlistBuddy -c "Set :$i\\::Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i\\::Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
#rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $?
And here is the updated extension attribute:
#!/bin/bash
# Force the script to quit if any error encountered
set -e
osVers=$(sw_vers -productVersion)
# Initialize array variable to hold admin usernames
list=()
NL=$'\\n'
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}'); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i:Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//"); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i\\::Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
fi
# Print all items in the list array
/bin/echo "<result>${list[@]}</result>"
I modified it to authorize Zoom instead of Teams, but the issue is in 14.2 it appears it won't let you write to that directory. Manually or via Jamf.
Location Services are enabled, moving on...
Current contents of /var/db/locationd directory:
CLDaemonMonitor
Library
clients.plist
macOS 14.2 currently installed.
Executing for macOS 14 Sonoma...
/var/db/locationd/clients.plist already exists! Moving on...
cp: /var/db/locationd/clients.BAK: Operation not permitted
Current key value for key1:
Print: Entry, "291BDDC9-1508-47C4-B2E9-EEB42B92BDB6\\:ius.zoom.xos", Does Not Exist
Setting 291BDDC9-1508-47C4-B2E9-EEB42B92BDB6\\:ius.zoom.xos location services returned: 0
cp: /var/db/locationd/clients.plist: Operation not permitted
I modified it to authorize Zoom instead of Teams, but the issue is in 14.2 it appears it won't let you write to that directory. Manually or via Jamf.
Location Services are enabled, moving on...
Current contents of /var/db/locationd directory:
CLDaemonMonitor
Library
clients.plist
macOS 14.2 currently installed.
Executing for macOS 14 Sonoma...
/var/db/locationd/clients.plist already exists! Moving on...
cp: /var/db/locationd/clients.BAK: Operation not permitted
Current key value for key1:
Print: Entry, "291BDDC9-1508-47C4-B2E9-EEB42B92BDB6\\:ius.zoom.xos", Does Not Exist
Setting 291BDDC9-1508-47C4-B2E9-EEB42B92BDB6\\:ius.zoom.xos location services returned: 0
cp: /var/db/locationd/clients.plist: Operation not permitted
Can you send the text of what that Zoom data looks like in that clients.plist file? So you are testing this on a beta version of 14.2?
Can you send the text of what that Zoom data looks like in that clients.plist file? So you are testing this on a beta version of 14.2?
Beta 3 of 14.2. So could be a bug but knowing Apple...things to come.
"291BDDC9-1508-47C4-B2E9-EEB42B92BDB6:ius.zoom.xos:" = {
Authorized = 0;
BundleId = "us.zoom.xos";
BundlePath = "/Applications/zoom.us.app";
ClientStorageToken = {length = 32, bytes = 0x956d5c05 24e7b867 84bc0627 525832d2 ... 55274884 7855e965 };
Executable = "/Applications/zoom.us.app/Contents/MacOS/zoom.us";
LocationTimeStopped = "721830478.259725";
PluginBundleIds = (
);
ReceivingLocationInformationTimeStopped = "721830472.978381";
Registered = 1;
Requirement = "identifier \\\\"us.zoom.xos\\\\" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3";
};
Beta 3 of 14.2. So could be a bug but knowing Apple...things to come.
"291BDDC9-1508-47C4-B2E9-EEB42B92BDB6:ius.zoom.xos:" = {
Authorized = 0;
BundleId = "us.zoom.xos";
BundlePath = "/Applications/zoom.us.app";
ClientStorageToken = {length = 32, bytes = 0x956d5c05 24e7b867 84bc0627 525832d2 ... 55274884 7855e965 };
Executable = "/Applications/zoom.us.app/Contents/MacOS/zoom.us";
LocationTimeStopped = "721830478.259725";
PluginBundleIds = (
);
ReceivingLocationInformationTimeStopped = "721830472.978381";
Registered = 1;
Requirement = "identifier \\\\"us.zoom.xos\\\\" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3";
};
Are you able to check the temp copy of the plist where all the edits are made to see if its setting the Authorized value to 1 for that Zoom key (/private/var/tmp/clients.plist). I just checked on one of mine Sonoma machines (only 14.1.1) and I do see similar "Print Entry.... does not exist" but that is because its interpreting that \\ literally in the uuid\\:icom.app.... rather than just the : in between, so I can do some refinement there, but the settings all still apply properly. It just needs the terminated value to properly set the key, but doesn't need it for the display. Such a pain. This should all be something done as easy as every other PPPC setting on a supervised machine :)
Are you able to check the temp copy of the plist where all the edits are made to see if its setting the Authorized value to 1 for that Zoom key (/private/var/tmp/clients.plist). I just checked on one of mine Sonoma machines (only 14.1.1) and I do see similar "Print Entry.... does not exist" but that is because its interpreting that \\ literally in the uuid\\:icom.app.... rather than just the : in between, so I can do some refinement there, but the settings all still apply properly. It just needs the terminated value to properly set the key, but doesn't need it for the display. Such a pain. This should all be something done as easy as every other PPPC setting on a supervised machine :)
Actually still showing false. But won't write the backup or write over the original in that directory.
<key>291BDDC9-1508-47C4-B2E9-EEB42B92BDB6:ius.zoom.xos:</key>
<dict>
<key>Authorized</key>
<false/>
<key>BundleId</key>
<string>us.zoom.xos</string>
<key>BundlePath</key>
<string>/Applications/zoom.us.app</string>
<key>ClientStorageToken</key>
<data>
lW1cBSTnuGeEvAYnUlgy0jRv8sLRTx6yVSdIhHhV6WU=
</data>
<key>Executable</key>
<string>/Applications/zoom.us.app/Contents/MacOS/zoom.us</string>
<key>LocationTimeStopped</key>
<real>721830478.25972497</real>
<key>PluginBundleIds</key>
<array/>
<key>ReceivingLocationInformationTimeStopped</key>
<real>721830472.97838104</real>
<key>Registered</key>
<true/>
<key>Requirement</key>
<string>identifier "us.zoom.xos" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3</string>
</dict>
Actually yes, Sonoma brought about some interesting changes to the format of the plist, including adding an "i" to the beginning, lol. So its icom.microsoft.teams2, for example. I've updated the script since it was originally posted to now recursively handle all Teams instances ("classic" teams and "new" teams). The extension attribute has been updated as well to simply show the true/false values for any Teams instance on the machine so you can basically just create a smart group based on if the extension attribute contains "false" and then have the location enable script automated to run on those.
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Teams and Teams helper to enable them.
# REFS: N/A
#
# HISTORY
# - v.1.5 Bill Addis, Sep 15, 2023: Added for loop to update all Teams location entries (old Teams and new)
# - v.1.6 Bill Addis, Oct 23, 2023: Added support for Sonoma. Updated script to loop for all Teams versions
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *12* ]] ; then
echo "Executing for macOS 12 Monterey..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}');
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Teams location services
/usr/LibExec/PlistBuddy -c "Set :$i:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//");
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Teams location services
/usr/LibExec/PlistBuddy -c "Set :$i\\::Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i\\::Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
#rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $?
And here is the updated extension attribute:
#!/bin/bash
# Force the script to quit if any error encountered
set -e
osVers=$(sw_vers -productVersion)
# Initialize array variable to hold admin usernames
list=()
NL=$'\\n'
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}'); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i:Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//"); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i\\::Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
fi
# Print all items in the list array
/bin/echo "<result>${list[@]}</result>"This worked like a champ. Thank you!
Actually still showing false. But won't write the backup or write over the original in that directory.
<key>291BDDC9-1508-47C4-B2E9-EEB42B92BDB6:ius.zoom.xos:</key>
<dict>
<key>Authorized</key>
<false/>
<key>BundleId</key>
<string>us.zoom.xos</string>
<key>BundlePath</key>
<string>/Applications/zoom.us.app</string>
<key>ClientStorageToken</key>
<data>
lW1cBSTnuGeEvAYnUlgy0jRv8sLRTx6yVSdIhHhV6WU=
</data>
<key>Executable</key>
<string>/Applications/zoom.us.app/Contents/MacOS/zoom.us</string>
<key>LocationTimeStopped</key>
<real>721830478.25972497</real>
<key>PluginBundleIds</key>
<array/>
<key>ReceivingLocationInformationTimeStopped</key>
<real>721830472.97838104</real>
<key>Registered</key>
<true/>
<key>Requirement</key>
<string>identifier "us.zoom.xos" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3</string>
</dict>
Can you put the updated code in here, basically the for loop with the plist/grep commands through the Add Authorized.. section is what I was looking to see. Maybe something will stand out.
Can you put the updated code in here, basically the for loop with the plist/grep commands through the Add Authorized.. section is what I was looking to see. Maybe something will stand out.
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Zoom and Zoom helper to enable them.
# REFS: N/A
#
# HISTORY
# - v.1.5 Bill Addis, Sep 15, 2023: Added for loop to update all Zoom location entries (old Zoom and new)
# - v.1.6 Bill Addis, Oct 23, 2023: Added support for Sonoma. Updated script to loop for all Zoom versions
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *12* ]] ; then
echo "Executing for macOS 12 Monterey..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for Zoom app and Zoom helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :us.zoom.xos" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :us.zoom.xos.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
sudo cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
sudo cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Zoom' location services
/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :us.zoom.xos:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Zoom app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Zoom app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :us.zoom.xos.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Zoom helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Zoom helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
sudo cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
sudo cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
sudo cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep :us.zoom.xos | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}');
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Zoom location services
/usr/LibExec/PlistBuddy -c "Set :$i:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
sudo cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
sudo cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
sudo cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :ius.zoom.xos | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//");
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Zoom location services
/usr/LibExec/PlistBuddy -c "Set :$i\\::Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i\\::Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
sudo cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
#rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $?
Could be way off base here, but it really doesn't like writing to that directory. Haven't tested on a lower OS.
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Zoom and Zoom helper to enable them.
# REFS: N/A
#
# HISTORY
# - v.1.5 Bill Addis, Sep 15, 2023: Added for loop to update all Zoom location entries (old Zoom and new)
# - v.1.6 Bill Addis, Oct 23, 2023: Added support for Sonoma. Updated script to loop for all Zoom versions
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *12* ]] ; then
echo "Executing for macOS 12 Monterey..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for Zoom app and Zoom helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :us.zoom.xos" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :us.zoom.xos.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
sudo cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
sudo cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Zoom' location services
/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :us.zoom.xos:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Zoom app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Zoom app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :us.zoom.xos.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Zoom helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :us.zoom.xos.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Zoom helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
sudo cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
sudo cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
sudo cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep :us.zoom.xos | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}');
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Zoom location services
/usr/LibExec/PlistBuddy -c "Set :$i:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
sudo cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
sudo cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
sudo cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :ius.zoom.xos | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//");
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Zoom location services
/usr/LibExec/PlistBuddy -c "Set :$i\\::Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i\\::Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
sudo cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
#rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $?
Could be way off base here, but it really doesn't like writing to that directory. Haven't tested on a lower OS.
I've tested all the way up to Sonoma 14.1.1 and it works just fine. Just make sure that whatever is running the script has Full Disk Access granted. If that is Jamf it should have it automatically (as long as you have the proper boxes checked in Settings/Computer Management/Security to automatically install the PPPC profiles). If you are testing it in Terminal or CodeRunner or something, you'll have to go add the app to Full Disk Access.
Beta 3 of 14.2. So could be a bug but knowing Apple...things to come.
"291BDDC9-1508-47C4-B2E9-EEB42B92BDB6:ius.zoom.xos:" = {
Authorized = 0;
BundleId = "us.zoom.xos";
BundlePath = "/Applications/zoom.us.app";
ClientStorageToken = {length = 32, bytes = 0x956d5c05 24e7b867 84bc0627 525832d2 ... 55274884 7855e965 };
Executable = "/Applications/zoom.us.app/Contents/MacOS/zoom.us";
LocationTimeStopped = "721830478.259725";
PluginBundleIds = (
);
ReceivingLocationInformationTimeStopped = "721830472.978381";
Registered = 1;
Requirement = "identifier \\\\"us.zoom.xos\\\\" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3";
};
FYI, I finally got around to testing this on 14.2 beta 3 and it still works just fine. Can you send me a URL to the Zoom installer you are using? I can install it and hopefully figure out where you are running into issues. Thanks!
Actually yes, Sonoma brought about some interesting changes to the format of the plist, including adding an "i" to the beginning, lol. So its icom.microsoft.teams2, for example. I've updated the script since it was originally posted to now recursively handle all Teams instances ("classic" teams and "new" teams). The extension attribute has been updated as well to simply show the true/false values for any Teams instance on the machine so you can basically just create a smart group based on if the extension attribute contains "false" and then have the location enable script automated to run on those.
#!/bin/bash
####################################################################################################
# DESC: When the script runs, it will make a copy of the existing location services
# /var/db/locationd/client.plist to be used in case a revert is needed. Following, we swap 0's
# to 1's within the client.plist for Teams and Teams helper to enable them.
# REFS: N/A
#
# HISTORY
# - v.1.5 Bill Addis, Sep 15, 2023: Added for loop to update all Teams location entries (old Teams and new)
# - v.1.6 Bill Addis, Oct 23, 2023: Added support for Sonoma. Updated script to loop for all Teams versions
####################################################################################################
# Set line debugging
PS4='Line ${LINENO}: '
# Echo mount point in Jamf
echo $1
# Is location services enabled?
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "1" ]]; then
echo ""
echo "Location Services are enabled, moving on..."
echo ""
else
echo ""
echo "Location Services disabled. Enabling them..."
jamf policy -event location
sleep 3
location_enabled=$(sudo -u "_locationd" defaults -currentHost read "/var/db/locationd/Library/Preferences/ByHost/com.apple.locationd" LocationServicesEnabled)
if [[ "$location_enabled" = "0" ]]; then
echo "Unable to enable location services...exiting"
exit 1
fi
fi
# Does the clients.plist exist?
echo "Current contents of /var/db/locationd directory:"
echo "$(ls /var/db/locationd)"
osVers=$(sw_vers -productVersion)
echo "macOS $osVers currently installed."
if [[ "$osVers" == *12* ]] ; then
echo "Executing for macOS 12 Monterey..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
echo "Current key values for teams app and teams helper:"
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams" $clients)
echo ""
echo $(/usr/libexec/PlistBuddy -c "Print :com.microsoft.teams.helper" $clients)
echo ""
echo "================================="
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
# Use Plist Buddy to mark-up client plist, enabling Teams' location services
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams app location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams:Authorized true" /private/var/tmp/clients.plist
fi
echo "Setting Teams app location services returned: $?"
/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :com.microsoft.teams.helper:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for Teams helper location services returned: $?"
#/usr/LibExec/PlistBuddy -c "Set :com.microsoft.teams.helper:Authorized true" /private/var/tmp/clients.plist
fi
echo "Enabling Teams helper location services returned: $?"
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}');
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Teams location services
/usr/LibExec/PlistBuddy -c "Set :$i:Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i:Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
clients="/var/db/locationd/clients.plist"
if [[ -f "$clients" ]]; then
echo "$clients already exists! Moving on..."
echo ""
# Create a backup of the existing client location services file
cp $clients /var/db/locationd/clients.BAK
# Create an extra working backup
cp $clients /private/var/tmp/
# Convert our working backup client plist to xml for editing
plutil -convert xml1 /private/var/tmp/clients.plist
count=1
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//");
do
echo "Current key value for key$count:"
echo $(/usr/libexec/PlistBuddy -c "Print $i" $clients)
# Use Plist Buddy to mark-up client plist, enabling Teams location services
/usr/LibExec/PlistBuddy -c "Set :$i\\::Authorized true" /private/var/tmp/clients.plist
# Check return for last command
if [[ "$?" = "1" ]]; then
echo "Authorized key seems to be missing...re-adding the key"
/usr/LibExec/PlistBuddy -c "Add :$i\\::Authorized bool true" /private/var/tmp/clients.plist
echo "Adding 'authorized' key for $i location services returned: $?"
fi
echo "Setting $i location services returned: $?"
echo ""
((count=count+1))
done
# Convert back to binary
plutil -convert binary1 /private/var/tmp/clients.plist
# Put the updated client plist into appropriate dir
cp /private/var/tmp/clients.plist $clients
# Kill and restart the location services daemon and remove our temp file
killall locationd
#rm /private/var/tmp/clients.plist
else
echo "$clients does not exist...exiting"
exit 1
fi
fi
# Display the final return code
exit $?
And here is the updated extension attribute:
#!/bin/bash
# Force the script to quit if any error encountered
set -e
osVers=$(sw_vers -productVersion)
# Initialize array variable to hold admin usernames
list=()
NL=$'\\n'
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}'); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i:Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /private/var/tmp/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//"); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i\\::Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
fi
# Print all items in the list array
/bin/echo "<result>${list[@]}</result>"Just noticed a type in my Extension Attribute above. Here is the correct version:
#!/bin/bash
# Force the script to quit if any error encountered
set -e
osVers=$(sw_vers -productVersion)
# Initialize array variable to hold admin usernames
list=()
NL=$'\\n'
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}'); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i:Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//"); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i\\::Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
fi
# Print all items in the list array
/bin/echo "<result>${list[@]}</result>"
Just noticed a type in my Extension Attribute above. Here is the correct version:
#!/bin/bash
# Force the script to quit if any error encountered
set -e
osVers=$(sw_vers -productVersion)
# Initialize array variable to hold admin usernames
list=()
NL=$'\\n'
if [[ "$osVers" == *13* ]] ; then
echo "Executing for macOS Ventura 13 Ventura..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep :com.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}'); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i:Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
elif [[ "$osVers" == *14* ]] ; then
echo "Executing for macOS 14 Sonoma..."
for i in $(/usr/libexec/PlistBuddy -c "Print" /var/db/locationd/clients.plist | grep -a :icom.microsoft.teams | awk -F '=Dict{' '{gsub(/ /,"");gsub(":","\\\\:");print $1}' | sed "s/..$//"); do
keyName=$(echo "$i" | awk -v FS=: '{print $2}')
authValue=$(/usr/LibExec/PlistBuddy -c "Print :$i\\::Authorized" /var/db/locationd/clients.plist)
list+=("$keyName: $authValue${NL}")
done
fi
# Print all items in the list array
/bin/echo "<result>${list[@]}</result>"Worked for me! Is there an ext. attribute for zoom? I was also able to use the script that @bmcintire posted successfully. Thank you both!
I recently got this working for Zoom. Many thanks to @williamaddis and @bmcintire for doing the heavy lifting. It saved me a ton of time.
I'll confirm that this only works if Zoom is installed via the IT Admin installer: https://amherstcollege.zoom.us/client/5.16.10.25689/ZoomInstallerIT.pkg if Zoom was installed using the standard Zoom client, I saw the same behavior that @bmcintire was reporting. I only tested up to macOS 14.1.2 though so I suppose there could be an additional issue with 14.2+
Simply writing over the original Zoom client with the ZoomInstallerIT.pkg seems to solve the problem, no need to uninstall first.
- Chris
