Privacy Preferences Policy Control Woes


Struggling a tad with the new Privacy Preferences Policy Control feature in Jamf and was wondering if anyone has any suggestions.

I created a profile, scoped my test machine and added the following
As IDENTIFIER I tried both
/Applications/Vmware Horizon with path
com.vmware.horizon as Bundle ID

Then at CODE REQUIREMENT I entered
identifier "com.vmware.horizon" and anchor apple generic and certificate 1[field.1.2.840.113635.] / exists / and certificate leaf[field.1.2.840.113635.] / exists / and certificate leaf[subject.OU] = EG7KH642X6

And lastly for APP OR SERVICE I set Accessibility to Allow

This profile will deploy but nothing changes on the target machine. The VMware entry in accessibility stays unticked. Where am I going wrong? The log files show it should function, no errors.


Valued Contributor

heres 2 cents, not 100% guaranteed but its somewhere to poke around. hope it helps.

I have no experience with VMWare but I have come across some applications not actually being allowed when utilizing the fullly package application.

ie. /Applications/Vmware Horizon

I've found that targeting the specific function within the app does the trick. Try right clicking Vmware Horizon & showing the package contents and targeting the application that way.

ie. /Application/Vmware Horizon Horizon might be multiple or named differently)

Sometimes the .apps within need specific handling for whatever reason......

Looking for a Jamf Managed Service Provider? Look no further than Rocketman

Valued Contributor

@vanschip-gerard The test for if the profile was correctly applied is to check if the profile exists in the Profiles prefpane in System Preferences, and that the user does not encounter the Accessibility permission pop-up window. The apps found in the Privacy section you were looking at only appear for user-approved apps. Apps whitelisted by an admin and pushed with Jamf will not appear there.

Legendary Contributor II

As @sshort mentioned, anything applied for approval via a PPPC Config Profile isn't going to show up in the GUI where you are looking. It will show up in the Profiles preference pane though.

Another thing is, how did you create this profile? Did you manually create it? If so, I would consider using the PPPC Utility from Jamf as it does a very good job of creating these profiles without needing to manually create them or guess at settings. Your code requirement section looks ok, but it's not the easiest to tell from here if there is anything wrong with it. The utility takes any guesswork out of it though, which is why I recommend looking at that.


@sshort well that explains a lot. I kept looking at the GUI to see if my profile was being effective. Apart from the app working, is there a way to see it?


@mm2270 I did use the PPPC Utility. The instructions on the Jamf page had slightly different wording and that would not parse, copy and paste from the PPPC Utility worked fine.

Ok, will be adding some now, see if apps indeed behave correctly. It not showing in the GUI makes sense I guess, as its being applied system level.

Legendary Contributor II
Apart from the app working, is there a way to see it?

You should see the profile itself in the Profiles Preference Pane, unless that is disabled with a Restrictions profile. If it is, you can use the profiles command in Terminal to view the installed profiles.

sudo profiles -Pv | awk -F': ' '/attribute: name:/{print $NF}'

New Contributor III

Hi, I am trying to deploy VMWare Horizon View client and trying to configure the accessibility part, I tried making the config profile but getting an error, can you share a screenshot of how to make the profile? I don't understand how to fill out the fields? I am assuming this is working for you @vanschip-gerard since you have not posted since march?

Marc V


Hi @NPU-Casper I used the PPPC Utility to get the right info into Jamf Pro:

You simply drag it on, fill out how you want it and either upload or as I did, copy and paste the tag at the top. Seems to work.