What needs to be whitelisted? We’re on 10.7.1, so the jamf binary i know is taken care of I believe by being on that.
We have tons of scripts and extension attributes that run that are bash, python, and some that call osascript. Do we have to give full access to the bash and sh shell? That seems silly. But if we don’t will users get prompted anytime a policy runs or they run a policy from self service that uses a script?
Are these covered since they’re being ran by jamf?
Gotta Love it! Only if Apple Provided First Party Solutions! Or gave root r/w access to the tcc.db sigh