"Jamf" would like to administer your computer

MikaelDez
Contributor

Hey everyone,

I created a policy that updates our McAfee ePO agent, and when it runs I get a pop up to allow Jamf to administer my computer. I googled around and found the JamfAppleEvents.mobileconfig on GitHub, uploaded that to Jamf and I'm still getting the pop up (screenshot attached).

It's interesting to note that this only happens when upgrading McAfee. If the agent is not already installed the policy runs fine, but when I run the policy to upgrade McAfee I receive this pop up. Clicking allow completes the policy and it is successful.

Any ideas?

92dcdd44e0d746fda241cd789198c38d

2 REPLIES 2

kgam
Contributor

@mikedesmarais Did you ever find out why you received this prompt? I have created a similar policy to upgrade McAfee (agent and client) and I'm getting the same prompt now.

gabester
Contributor III

I'm still plagued with this on the devices I can't use with ABM yet... also referenced in detail here:

https://www.jamf.com/jamf-nation/discussions/30430/jamfagent-would-like-to-administer-your-computer

I've tried everything including tearing my hair out to no avail. In my case a script called in a policy that's running sysadminctl to add a securetoken to a user seems to be generating this prompt; I've taken that standard JamfAppleEvents.mobileconfig and added sysadminctl with allowed accessibility, admin files, all files (since it specifically seems to hang on creating a new home folder for the user.) I deduced this from getting the contents of the policy output from /Application Support/JAMF/tmp/POLICY##.tmp and that was the next line that appeared AFTER I clicked ALLOW.

@kfalato 's comment on this thread led me in the right direction:

/usr/bin/log show --predicate 'subsystem == "com.apple.TCC"' | grep Prompting

Clued me in that, as expected, my script running sysadminctl is indeed triggering an approval prompt from JamfManagementService... but adding sysadminctl to the PPPC and Allowing Accessibility, Admin Files, and All Files did not do the trick. Any other thoughts?