History - We currently have all of our Computer Level Profiles install as the device is enrolled, apps/system settings/etc. Followed the same workflow for the Managed Login Items (mix of Team ID and label, depending on need) for Ventura.
Issue - If the Profile is present (enrollment) before the base application stack is installed, post-app install the Login Item slider is NOT grayed out. No matter if rebooted, etc. Always able to slide it off/on. Unexpected behavior as we see it.
If no Profile present, install our application stack, and THEN apply the Profile, the sliders are grayed out and cannot be altered.
I suppose the question is...is this expected?
Should the Login Items Profile not be applied until after the targeted applications are installed? This would run contrary to our normal workflow for Profiles that has been in use for some time (Profile first, then apps, etc).
That should not be correct. We apply our Managed Login Items profile immediately during enrollment, long before some of the affected applications get installed. And all of them are correctly enabled and greyed out.
That is what we thought should be happening. Spoke with our Apple Rep and he advised asking here (maybe Slack) to get more input.
If more folks are seeing the opposite of what we see, sounds like it might be Jamf Support time...
I have not seen this behavior. Is it just a single application doing the thing, or any application providing the conditions are met does the thing? (thing being the manage login items is not enforced correctly)
Hrm, it could be a bug with that specific application and how it handles background services since that is a relatively new feature of macOS.
The two things my brain goes to:
Applications are up to date, most using built-in auto update mechanisms. Everything Ventura certified.
It is affecting all applications that we wish to block the user from touching the slide under Login Items. Whether we set one or five.
It is one Config Profile that is controlling only the settings for the Login Items (encompassing the apps we wish to gray out). Example name: "Managed Login Items - OurCompanyName v1.0"
I'm getting this behavior while deploying CrowdStrike Falcon.
I'm pretty sure that the CrowdStrike Configuration Profile is installed before the Falcon app (since CPs are deployed faster than policies).
I verified 3 laptops and all their Login Items for the particular CrowdStrike Profile is not greyed out 😑
Did you manage to fix this issue, please ?