PPPC for Webex

supersizeal
New Contributor III

Does have information on how to enable PPPC for webex?
Identifier ID, type , etc.

17 REPLIES 17

supersizeal
New Contributor III

Any info on how to Grant Access to Cisco Webex Meetings in Security and Privacy preferences for users without admin rights?
I want to take control of the users computer but can't bc it is not checked off in Accessibility to Allow.

patgmac
Contributor III

Check here: link text

patgmac
Contributor III

sorry, that's for kext's. Need more coffee.

bcbackes
Contributor

@supersizeal you could use this downloadable app: https://github.com/jamf/PPPC-Utility. I picked this up from a different JamfNation post: https://www.jamf.com/jamf-nation/discussions/29996/pppc-and-every-app-known-to-it. Thanks goes to @SCADtom . Basically, you drag the webbed app into the program and it pulls all the correct information like identifier. Then, you can setup the permissions you want, and, can upload it directly into your JSS as a configuration profile. No need to manually create it.

supersizeal
New Contributor III

@ bcbackes
I was able to download and use the PPPC utility and deployed to the computer and set Accessiblity option to Allow but it still is not working. I think this only works if the Cisco Webex software is installed and used on the client computer and I am using the web browser option.
( I think ).

I even opened a ticket with Cisco and the tech was not helpful.

balaji
New Contributor II

Im also facing same issue, unable to grant the access even though deployed using PPPC utility. Any steps to fix ?

RJH
Contributor

@supersizeal I believe I have encountered the same issue, which as I understand it, user without admin can not modify security settings to allow remote control in a webex session by another webex participant. Using PPPC does not allow this setting to be enabled. Does that match your situation ?
I have logged a ticket for this exact issue to Apple Support, who escalated to Engineering, who have acknowledged the issue and are investigating a fix. Feel free to log a ticket, as the more people that raise this issue, the more chance it will get suitable focus.

supersizeal
New Contributor III

@RJH Our school district decided to switch to Zoom so I abandon Cisco Webex.

RJH
Contributor

@supersizeal wow thats a big call, given their (Zooms) history with security (and other) issues. Great for consumer market, but business/education - interesting decision. I'm working within a relatively large corp/enterprise environment with massive security focus, so unfortunately that is not an option for us, at this stage anyway. So we must persist with CiscoWebex, as complex and often painful as it is. Hopefully Apple/Cisco will come up a workable solution soon.

gabester
Contributor III

The challenge I'm having is saving users from this dialog:

"WebExPluginAgent.app" wants access to control "Microsoft Outlook.app". Allowing control will provide access to documents and data in "Microsoft Outlook.app", and to perform actions within that app. This allows Cisco Webex Productivity TOols to integrate with Microsoft Outlook. [Don't Allow] [OK]

0112ad694c9c4471b67b472fdd7b966a
I generated a PPPC config profile giving all the webex things I could find with Address Book, Calendar and Apple Events for Outlook Allowed to no avail, when installing Webex 40 Outlook still prompts. 7eda1adffd4c4018b09cfba91ef51ea6
Try though I might I cannot find anything on my computer called WebExPluginAgent.app to add to this list which is what I assume the issue is, that the name must literally match. Update: I ran find / -name "WebExPluginAgent.app" -type d 2> as a last resource and that did turn up the culprit, and now I have successfully tested a PPPC config profile with now: /Users/Shared/WebExPlugin/WebExPluginAgent.app allowing AppleEvents access to Microsoft Outlook.

FWIW for WebEx screenshare / remote control this is working for us - in Confir Profiles add a PPPC for com.webex.meetingmanager with Bundle ID identifier

"com.webex.meetingmanager" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = DE8Y96K9QP

Then set the APP OR SERVICE to Accessibility and ACCESS to Allow. 7161c0092d3343abbb3070c617847c37

lmeinecke
New Contributor III

I can confirm that using the method above works. Thanks for posting. When I used the PPPC app to generate the file from dropping in the Webex desktop app everything was correct except "com.webex.meetingmanager". For me it populated something similar but different. Once I updated that in Identifier and Code Requirement poof it worked.

RJH
Contributor

@Sterritt Thanks for that post. I've been tearing my hair out to get remote control working and your solution - allowing all file access to "com.webex.meetingmanager" works!. Adding full disk access to either the /Applications/Cisco Webex Meetings.App or the /Users/Shared/WebExPlugin/WebExPluginAgent.app did not work. These translate to com.cisco.webexmeetingsapp and com.webex.pluginagent respectively. Can you advise what app or component the com.webex.meetingmanager relates to ?

el2493
Contributor II

I'm trying to create the PPPC profile mentioned above but when I save the Profile in Jamf it fails to deliver to any computers. I get the message "In the payload (UUID: 0...6), the key 'CodeRequirement' has an invalid value."

Can anyone confirm what needs to be entered there? I tried copying and pasting what @Sterritt mentioned above (along with "identifier " because that's what it looks like in the screenshot) and got that error. Although now I'm looking at the screenshot, there are additional characters around exists as well that I can't make out (could be quotes or could be asterisks. Can anyone post the full bundle ID that needs to be there? I have:

identifier "com.webex.meetingmanager" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = DE8Y96K9

el2493
Contributor II

Looked at another PPPC profile and saw they were asterisks. Entered those in and it delivered the profile. So the Bundle ID is (written as bracketed [asterisk]s since actual asterisks just make the text italic):

identifier "com.webex.meetingmanager" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /[asterisk] exists [asterisk]/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /[asterisk] exists [asterisk]/ and certificate leaf[subject.OU] = DE8Y96K9QP

Jason33
Contributor II

Anyone gotten a PPPC to work in Big Sur? Each variation I try, from the PPPC utility, to the change mentioned by @el2493 results in errors, stating either the coderequirement has invalid value, or authorization has an invalid value.

el2493
Contributor II

I just checked mine and confirmed it was delivered to at least one Big Sur machine. Attached a screenshot of what the Code Requirement I included was (in case my comments weren't clear). Might be a little easier to read than previous screenshot since I clicked to edit it.

You can copy everything from the previous text, but make sure you're manually typing in the asterisks.

dfe2d6070bff4d5fa263c771537acc81

Jason33
Contributor II

Thanks @el2493 , I just fixed my error. I also wanted Accessibility enabled, so had that in the same profile. Once I removed it, it installed fine.