Help

Managing Accessibility - Full Keyboard Access

Go to solution
CAL
New Contributor

‎04-20-2023 07:45 AM - edited ‎04-20-2023 07:47 AM

Hey all, I'm looking to restrict our users (K-12 students) from enabling Full Keyboard Access in System Preferences - Accessibility - Keyboard. I've identified the plist key value, FullKeyboardAccessEnabled and FullKeyboardAccessFocusRingEnabled, created a plist and set the -int to 0 and uploaded it to Jamf in a profile with Application & Custom Settings. While I'm used to custom .plist files "graying out" the option to enable/disable items, this one doesn't seem to do anything to restrict the user. Thoughts?

This would only be a temporary management profile to get our district through state testing. I don't like locking down Accessibility options, but a request has been made.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
AJPinto
Honored Contributor II

Posted on ‎04-21-2023 06:53 AM

You can restrict System Settings > Accessibility. At least JAMF has the option in the configuration profile, but it may have been broken with Ventura and JAMFs love of tech debt has not removed it yet.

 

For your configuration profile, check the location of the plist you are changing. Just because the domain exists, does not mean it can be managed.

  • Non-managed stuff goes in /Library/Preferences, or /User/{userID}/Library/Preferences.
  • Managed preferences go in /Library/Managed Preferences and /Library/Managed Preferences/{userID} for MDM enabled users.
  • Not all domains are configured to respect /Library/Managed Preferences.

In the likelihood this cannot be managed the best you could do is package your plist and push it overriding the existing plist on the device. It would not be managed, and a crafty user could just delete the plist but until they do that the Mac should behave as you expect. Apple has a pretty strong history of not allowing management over things they feel users should control. This seems like it would fit the bill of something apple would feel should be under user control.

View solution in original post

2 REPLIES 2

Go to solution
AJPinto
Honored Contributor II

Posted on ‎04-21-2023 06:53 AM

You can restrict System Settings > Accessibility. At least JAMF has the option in the configuration profile, but it may have been broken with Ventura and JAMFs love of tech debt has not removed it yet.

 

For your configuration profile, check the location of the plist you are changing. Just because the domain exists, does not mean it can be managed.

  • Non-managed stuff goes in /Library/Preferences, or /User/{userID}/Library/Preferences.
  • Managed preferences go in /Library/Managed Preferences and /Library/Managed Preferences/{userID} for MDM enabled users.
  • Not all domains are configured to respect /Library/Managed Preferences.

In the likelihood this cannot be managed the best you could do is package your plist and push it overriding the existing plist on the device. It would not be managed, and a crafty user could just delete the plist but until they do that the Mac should behave as you expect. Apple has a pretty strong history of not allowing management over things they feel users should control. This seems like it would fit the bill of something apple would feel should be under user control.

Go to solution
CAL
New Contributor
In response to AJPinto

Posted on ‎04-24-2023 09:26 AM

Thank you for the detailed response, it was a big help!

Since our number of users with this feature on is small, we will deal with it on a case-by-case basis.

0 Kudos