Posted on 09-29-2021 12:50 PM
We're currently experiencing the issue of Intel-based Macs on Big Sur needing permissions to upgrade the B&S app to Google Drive For Desktop. I have a config profile made with a PPPC, Approved Kernel Extensions, and System Extensions payloads to bypass needing admin credentials entered to make those changes, though I've found that on a few machines running Catalina 10.15.7 that have Backup & Sync installed, it still asks for permissions changes that require admin credentials entered before the app is updated/changed--ones that are doing a fresh install of GDfD via Self Service policy don't seem to be affected. Is there a script I can use that will fully remove Backup & Sync and associated files, in order to attempt a fresh install of GDfD?
Posted on 09-29-2021 01:35 PM
Sorry to sidetrack the thread a little but have you been able to get Google Drive to even work on BS? I've been playing with it as well and have run into kernel extension issues, even though I approved one, perhaps there are more that I didn't see? Regardless even when disabled SIP in recovery mode it would work but as soon as I enabled SIP again it stopped work again without ever prompting in S&P. I found a lot of threads from people having similar issues.
Posted on 09-30-2021 05:53 AM
The few test machines we've tried it on seemed to have worked, though I know it's possible that could change day-to-day. It seems that users that do a fresh install of GDfD via our Self Service policy are unaffected as of yet, but the ones who had either B&S or GFS installed before updating the app are still getting S&P permissions errors.
This is the config profile we're using:
I referenced @Geissbuhler 's posts in this thread to build it--not a complete fix but has seemed to work on machines fitting certain criteria.
Posted on 10-04-2021 08:42 AM
Alright now its asking users for S&P permissions again, so I suppose this doesn't work yet...
Posted on 10-04-2021 09:31 AM
We're a Google Workplace enterprise customer so I opened a case with them after messing with it some more and was not able to get it to work without disabling SIP. I'll let you know what they come back with.
Posted on 10-04-2021 09:47 AM
Awesome, much appreciated!
Posted on 10-05-2021 10:45 AM
My chat with Google Enterprise Support basically resulted in the support rep telling me "that is beyond the scope of what we can do"...hopefully you and others have better luck.
Posted on 10-04-2021 08:45 AM
Well we figured out how to remove B&S using a preinstall script in Composer, but now users are being prompted for S&P permissions again, so the config profile doesn't work like I previously thought. 😞
Posted on 10-20-2021 07:03 AM
In the System Extensions payload I had made, I had "Allowed Team Identifiers" selected from the drop-down menu, when I should've had "Allowed System Extensions" selected. This paired with our script for removing B&S seems to work--users are not restricted by admin credentials and just have to follow on-screen prompts...for now!