PPPC Profile randomly fails

perryd84
Contributor III

Hi All,

We use ISL for remote assistance. I added a new line as per ISL supports guidance but then the PPPC profile started to fail on random devices.

I've removed the additional line but the profile is still failing on random devices.

The error in the management log is:
"In the payload (UUID: 5C3CDB37-76DB-4AC6-B82E-ACCF1F2A9345), the required key 'Allowed' is missing."

Now, I'm not using a key that has "allowed" as an option, it's just "Deny" or "Allow standard user to allow" which is what I choose.

Anyone come across this issue before?

22 REPLIES 22

alessio_tedesco
New Contributor III

For reference, I've the same issue with TeamViewer and I noted that using big sur it works, while with catalina fails with that error message

user-cPzCreNEfg
New Contributor

Don't suppose you've tracked down a cause, have you?

perryd84
Contributor III

Jamf support told me that it looks like a bug in Jamf and they will look into fixing it in a future release and thats all I got.

maggieko
New Contributor

Just want to drop a me too in here. Our cloud instance was updated to 10.28 and im seeing this in a PCCC profile and in my case it seems to be only failing on 10.15.7 machines so thats fun :( Big Sur and the couple of mojaves I still have kicking around are taking the same profile fine.

isThisThing0n
Contributor

Are you referring to giving the app access to screen recording via a PPPC policy payload?

I believe the "Allow standard user to allow" key is only valid on Big Sur and any previous OS will reject it producing that error.

Interesting – I wonder if newer OSes also reject it.

Anyone have thoughts on this?

Edit: I'm blind – newer OSes do not reject it, though I do recall having to manually grant Screen Recording permissions for TeamViewer. The other two permissions were applied successfully by the profile.

igal_tovievich
New Contributor II

We also have exactly the same issue. The UUID is different, but the error is the same - Mojave and Big Sur both complete successfully, Catalina comptuers all fail.

Igal Tovievich
IT Manager

ian_sterling
New Contributor II

@Perry84 Any updates on this from Jamf? We've started seeing it also. And it definitely appears to be 10.15.7.

perryd84
Contributor III

No word from Jamf :(

I've just excluded Catalina devices now as we had a massive problem where all the failed profile installs filled up our logs and our Jamf instance basically fell over!!!

bgrant11
New Contributor III

Same here. Only the Cat's fail. 

DanJ_LRSFC
Contributor III

Has there been any update on this issue? As we are seeing it with our PPPC configuration profile for allowing Screen Recording for Microsoft Teams.

-christian-
New Contributor

Any news about this topic?

I'm facing the same issues. With screen recording and listen events.
Jamf Pro 10.33 and macOS 10.15 clients.

perryd84
Contributor III

I managed to find a config profile which enables a bunch of remote support apps. I cant find the original so whoever made it deserves the credit but I'm just sharing it on my github as I cant find the original.

https://github.com/PezzaD84/PPPC-Screensharing

This seems awesome. Do you happen to know if this is still working in Big Sur, Monterey, and Catalina?

perryd84
Contributor III

Since the latest jamf update the settings instantly change from "allow" to "allow user to allow" so the profile is a little redundant in that your users still have to go tick a box now.

sudoErase
New Contributor III

Did anyone find a way to get this working for Catalina? 

PPPC utility or github's https://github.com/poundbangbash/community-screenrecording-pppc-profile

 

either one doesnt work for Catalina.

This failure results due to the changes Apple made on Screen Recording (Jamf: Screen Capture) 

The function "Let Standard Users Approve" doesnt work it seems.

NOTE: 

When I use PPPC Utility, it shows a "Compatibility Warning" and basically states it will cause error for Screen recording.

 

Anyone found a new way to get around this? 
Our setup:

users are standard users. We dont give out admin creds (obviously).

But users cant "Allow" without admin creds to unlock the little lock on the bottom left.

rcole
Contributor II

Anyone able to find a solution for this?

jschlimmer
New Contributor III

Create two configuration profiles, one for Big Sur and newer, the other for Catalina and prior. I have a number of these.

MNussbaum
New Contributor III

Can you share what your Catalina profile looks like to create the second one specifically for users on that OS?

jschlimmer
New Contributor III

You simply cannot use that option on Catalina. There is no workaround except admin permissions (At the time, SAP enterprise privileges app was extremely useful for this problem. https://github.com/SAP/macOS-enterprise-privileges)

I created separate profiles for each OS for the other PPPC permissions the apps needed, like folder access, notifications, events, accessibility, blah blah.

Real solution? Upgrade your Catalina users ASAP.

MNussbaum
New Contributor III

Got it, thank you for the response! Misunderstood your previous post, thought you were saying you had profile details for Catalina and prior. In the process of getting everyone off of Catalina, but was hoping for a quick solution in the meantime.

jschlimmer
New Contributor III

Yeah, my answer was a bit off the cuff and not 100% clear, sorry about that!

Good luck with the upgrades, its always a fun time.