Question

"jamf" wants access to control "system events"

Forum|Forum|6 years ago
April 30, 2019
108 replies
835 views

leonwun
Contributor

Hey there,

I edited a /bin/bash script that automatically checks the devices uptime and tells the user to restart his computer after 2weeks uptime (with the help of https://www.jamf.com/jamf-nation/discussions/17336/user-has-not-restarted-in-x-number-of-days)

The following part generates the ""jamf" wants access to control "system events"" message for end users:

#!/bin/bash

# Discover logged in user
user=`stat -f%Su /dev/console`

#Execute code as logged in user (instead of root)
sudo -u $user /usr/bin/osascript <<-EOF

tell application "System Events"
    activate
    set question to display dialog "The device has not been restared for [...]"
with title "RESTART YOUR COMPUTER" buttons {"Shut Down", "Restart", "Cancel"} ¬
cancel button "Cancel" with icon caution
    set answer to button returned of question
    if answer is equal to "Shut Down" then
        tell application "System Events"
            shut down
        end tell
    end if
    if answer is equal to "Restart" then
        tell application "System Events"
            restart
        end tell
    end if
    if answer is equal to "Cancel" then
        return
    end if
end tell
EOF
exit 0
fi

I already read the thread (https://www.jamf.com/jamf-nation/discussions/30388/loginwindow-wants-access-to-control-system-events) but couldn't find the solution there. The issue seems to be the tell / end tell statement but I can't find a way to change the script.
I tried several PPPCs and gave JAMF access to Accessibility, System Events and everything else that's required.

The script itself works fine.
Can someone help me out here?

Show first post

Forum|pagination.label 5 / 5

+18

GabePPS
Esteemed Contributor
Forum|Forum|3 years ago
June 9, 2022

@GabePPS wrote:
Yea, unfortunately it still doesnt seem to work for me. I think its all related to accessibility which cant get the same path for osascripts. At one point with @Bol hints, I was able to have the jamf wants access message suppressed but then it popped the accessibility message for osascript. So I never got them both working together and its because my script wants to type info in the keyboard which Apple really does't want anything to do anymore lol.

@GabePPS Well, if you haven't given up on your Apple Script dreams yet.. It's just been acknowledged in testing so hopefully next major release, you could be back in business!

Resolves an issue where PPPC payloads for Accessibility and AppleEvents do not suppress user approval prompts.

I believe this is in regard to an open radar i got escalated up the the MacOS security team. (Or at least id like to think I had something to do with it lol.)

Apparently they listen when someone brings up issues listed as "security related" lol.

GabePrinceton Public Schools

+18

GabePPS
Esteemed Contributor
Forum|Forum|3 years ago
June 9, 2022

@Bol Actually I just got confirmation that Apple did fix this bug per my escalation from my SE. They are asking me to test it...so now i need to get a machine on the beta and test my enrollment!

GabePrinceton Public Schools

+11

Bol
Contributor
Forum|Forum|3 years ago
June 10, 2022

@Bol Actually I just got confirmation that Apple did fix this bug per my escalation from my SE. They are asking me to test it...so now i need to get a machine on the beta and test my enrollment!

@GabePPS wrote:
I believe this is in regard to an open radar i got escalated up the the MacOS security team. (Or at least id like to think I had something to do with it lol.)
Apparently they listen when someone brings up issues listed as "security related" lol.

Well it's security related x 1000 from now on then. :D

Honestly though, it's to do with their Transparency, Consent, and Control security and has been bugged for a length of time now, it's a great thing finally been acknowledged, worked on and hopefully resolved.

Kudos to you for the radar rocket sent and let us know as soon as you've had the chance to test with your results!

+13

jbutler47
Valued Contributor
Forum|Forum|3 years ago
June 29, 2022

@Bol Actually I just got confirmation that Apple did fix this bug per my escalation from my SE. They are asking me to test it...so now i need to get a machine on the beta and test my enrollment!

@GabePPS Very curious about your results after your test, how did things go?

Tim_Apple
Contributor
Forum|Forum|2 years ago
March 22, 2023

Any news here? I still try to figure out how to fix this

+11

Bol
Contributor
Forum|Forum|2 years ago
March 24, 2023

What are you trying to fix, it was mentioned Apple did sort the system events bug filed by @GabePPS

https://community.jamf.com/t5/jamf-pro/quot-jamf-quot-wants-access-to-control-quot-system-events-quot/m-p/267613/highlight/true#M245041

+18

GabePPS
Esteemed Contributor
Forum|Forum|2 years ago
May 9, 2023

As I have tested this since Apple told me it was fixed, it still seems to be broken

GabePrinceton Public Schools

+11

Bol
Contributor
Forum|Forum|2 years ago
May 10, 2023

I was going to post here last night it seems to be working for me. Very buggy getting there and I found whitelisting the binary worked better, somehow.
I wrote a script on login / self service that launches Safari homepage / MS SSO dialogue box, then pre fill the users email address and hits enter. There are other profiles at play though, I haven't yet pulled what I think is not needed to see if it breaks it yet.

Forum|pagination.label 5 / 5

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded