Skip to main content
Question

PPPC Utility - Question on best practice to create config list?

  • October 3, 2018
  • 31 replies
  • 168 views
Show first post

31 replies

donmontalvo
Forum|alt.badge.img+36
  • donmontalvo
  • Hall of Fame
  • February 4, 2019

FWIW, with respect to the osascript prompts, at least with respect to Fusion 11 Pro, their dev team responded to our request for help with this prompt:

Their response:

The customer's issue is that the MDM cannot push out the osascript prompt and his attempt to allow VMware access to System Events via Privacy Payload does not work. According to the attached screenshot "TCC whitelist.png", Fusion access System Events via /usr/bin/osascript, so in TCC.db it is "/usr/bin/osascript" that access System Events, not Fusion, I would suggest the customer to try allowing /usr/bin/osascript access to System Events in Privacy Preferences Policy Control Payload.
--https://donmontalvo.com
A
Forum|alt.badge.img+11
  • allanp81
  • Valued Contributor
  • March 6, 2019


I'm getting totally lost with this whole process. I have created numerous profiles and uploaded them to our JSS running 10.9. Some seem to work as expected but when trying to run things via Self Service that launch scripts I'm still seeing the prompts about allowing jamfAgent to control System Events.

As you can see from my attached screenshot, as far as I can tell I've allowed it to control System Events so not sure why I'm still seeing the prompts?

    S
    Forum|alt.badge.img+6
    • sslavieroGSMA
    • Contributor
    • September 12, 2019

    How do you go about adding in something for Automation section? specifically for the below:

    AVmcclint
    Forum|alt.badge.img+21
    • AVmcclint
    • Esteemed Contributor
    • October 29, 2019

    I'm trying to run the following command via a simple policy's "Files and processes" payload
    osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/Microsoft Teams.app", hidden:false}' but it doesn't seem to work. The log says

    Result of command: 36:131: execution error: An error of type -10810 has occurred. (-10810)

    I tried putting the command in a script and running it from there instead but now I get

    Script result: 36:131: execution error: Not authorized to send Apple events to System Events. (-1743)

    When I run the command via Terminal it works fine, so I have to assume it's a PPPC issue. But how to I build a PPPC profile for an osascript command?

    C
    Forum|alt.badge.img+2
    • chris_fast
    • New Contributor
    • November 20, 2019

    I have the same question as sslavieroGSMA. My infosec team is requiring that we install/patch OpenJDK via Brew. I have the install set to pass the brew install command to a terminal window open as the user via osascript (building off emily's work https://www.jamf.com/jamf-nation/discussions/24803/deploy-homebrew) and get a prompt "Jamf want access to control "Terminal." If manually approved I get

    Running 

    tccutil reset AppleEvents

    removes the entry, but I can't figure out how to build a .mobileconfig file to replicate it.

    A
    Forum|alt.badge.img+11
    • allanp81
    • Valued Contributor
    • November 21, 2019

    Try using the PPPC Utilty from Jamf and drag the Jamf agent binary into the column on the left.

    Terms & ConditionsCookie settingsAccessibility statement