Posted on 12-21-2018 06:29 AM
I just updated our jamf environment to 10.9 so we could utilize the Privacy Settings Configuration profile and enabled some apps to have Full Disk Access. The Jamf binaries are supposed to be enabled by default it seems as there is a separate Privacy Config Profile just for that. Even after that profile is applied there is still a user prompt to allow Jamf access to finder. Has anybody else seen that?
If I open a terminal window and type in "sudo jamf recon" I also get a complaint to let terminal access calendar/photos etc. But it's using the jamf executable so why wouldn't that be allowed?
Thanks!
Posted on 12-21-2018 06:59 AM
The profile that Jamf auto pushes covers the bare minimum for Jamf to install itself/operate. If you're getting additional requests to control Finder/etc then there's something in your standard config or enrollment process that requires whitelisting for some AppleEvents. Check out this profile, and you should be good to go.
Posted on 12-28-2018 05:27 AM
Thanks for the response. I had seen that link before. It doesn't seem to fix the issue with terminal though either. Is there a way to use that profile and add in terminal to whitelist? What if I want to whitelist other applications as well?
Posted on 12-28-2018 05:56 AM
I just came across the PPPC_Utility; it looks like it lets me build custom profiles easily that way. https://github.com/jamf/PPPC-Utility/releases
If I choose "to Allow All Files" do I still need to allow all the other items like Photos/Calendar and even specify the Apple Events like SystemUIServer and Finder? Hoping "allow All" is all encompassing and just means that app can do anything?
Posted on 12-28-2018 06:52 AM
@jerdill For Terminal you'll want full disk access to lower the chance of permissions/access issues in Mojave when running commands/scripts. The most common reason I've seen a permissions pop-up for Photos/Calendar/etc from Terminal is because your Inventory Collection settings in Jamf are set to "Include home directory sizes."
If you really need/want that data you'll need to add those things into the profile. As you've discovered "All Files" doesn't really mean all files. Check out my Terminal profile as an example, although I don't include Photos/Calendars/Address Book/Reminders.
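As an added illustration of the point above (not part of the thread, and not the contents of any profile linked in it), this Python sketch builds a PPPC payload for Terminal in which Full Disk Access, Photos, Calendar and each Apple Events receiver are separate entries. The code requirement strings, the `com.example.*` identifiers and the display name are assumptions or placeholders.

```python
import plistlib
import uuid

# Assumed designated requirements; confirm each with `codesign -dr - <path>`.
TERMINAL = {
    "Identifier": "com.apple.Terminal",
    "IdentifierType": "bundleID",
    "CodeRequirement": 'identifier "com.apple.Terminal" and anchor apple',
}
AE_RECEIVERS = [  # apps Terminal may send Apple Events to
    ("com.apple.finder", 'identifier "com.apple.finder" and anchor apple'),
    ("com.apple.systemuiserver",
     'identifier "com.apple.systemuiserver" and anchor apple'),
]

def build_services(app, data_services, receivers):
    """One TCC entry per service; AppleEvents needs one entry per receiver."""
    services = {name: [dict(app, Allowed=True)] for name in data_services}
    if receivers:
        services["AppleEvents"] = [
            dict(app, Allowed=True, AEReceiverIdentifier=rid,
                 AEReceiverIdentifierType="bundleID",
                 AEReceiverCodeRequirement=req)
            for rid, req in receivers
        ]
    return services

def build_profile(app, data_services, receivers):
    """Return a .mobileconfig (XML plist bytes) with a single PPPC payload."""
    def common(suffix):
        # com.example.* identifiers and the display name are placeholders.
        return {
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.pppc.terminal" + suffix,
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "PayloadDisplayName": "Terminal PPPC (example)",
        }
    tcc = dict(common(".tcc"),
               PayloadType="com.apple.TCC.configuration-profile-policy",
               Services=build_services(app, data_services, receivers))
    profile = dict(common(""), PayloadType="Configuration",
                   PayloadScope="System", PayloadContent=[tcc])
    return plistlib.dumps(profile)

if __name__ == "__main__":
    wanted = ["SystemPolicyAllFiles", "Photos", "Calendar"]
    print(build_profile(TERMINAL, wanted, AE_RECEIVERS).decode())
```

The output only takes effect when the profile is installed through MDM, for example by uploading it to Jamf Pro as a configuration profile.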
Posted on 12-28-2018 07:22 AM
I'm using the PPPC Utility. I have a BASH script that I use "Platypus" with that takes my BASH script and creates a .APP file.
For some reason I cannot import my app into the PPPC utility.
Would anyone know why I cannot do this?
Thanks in advance.
Posted on 12-28-2018 10:44 AM
@Chuey is it code signed? I think that is a requirement.
Posted on 12-28-2018 11:31 AM
@marklamont Originally it was not -- I made an independent discussion regarding my specific situation and I was able to manually sign my .app with a cert I created in my developer account, then loaded it into PPPC Utility, added "Finder" to "Apple Events > Allow", uploaded it to my JSS and bang -- it works!
Posted on 07-18-2020 04:37 PM
@sshort The profile at https://github.com/rtrouton/privacy_preferences_control_profiles/tree/master/Privacy%20Settings%20Whitelist%20-%20Jamf%20Notifications/Unsigned worked for my environment. Thanks for sharing that! It sure saved me hours from experimenting with my own solution to get rid of those popups to allow Jamf access to the Finder.