- Jamf Nation Community
- Products
- Jamf Pro
- Safari Sharepoint Plugin -- trusting sites
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-22-2016 07:53 AM
My organization has just changed intranet platforms and is now heavily leveraging SharePoint and Yammer. Does anyone have any ideas for how to pre-populate sites into the trust settings for the Safari SharePoint Plugin? Yes, I know there are security implications with doing this, but right now we're looking at can we do this and then will circle back around to whether or not we should. Effectively I'm trying to find a way to prevent users from getting the "Do you want to trust the website “intranet.mydomain.org” to use the “SharePoint Browser Plug-in” plug-in" popup.
Thanks!
Solved! Go to Solution.
Labels:
- Labels:
-
Plug-ins
2 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-22-2016 09:59 AM
Yes. It's not as easy as it used to be, but I'm almost over complaining about JAMF needlessly deprecating MCX. Almost...
Best granular way to do it now-a-days is a custom config profile payload. Start by creating a fresh profile and trusting the site the way you normally would - install the plugin, visit the site, and trust it. Then you can go into Safari's Preferences > Security > Plug-in Settings and adjust the settings as needed. Once this is set, grab a copy of ~/Library/Preferences/com.apple.Safari.plist from that Mac and convert it to XML:
plutil -convert xml1 /path/to/copy.plistAt this point you can open up the XML-formatted plist file and edit out all of the various keys other than ManagedPluginPolicies (note that this would capture any other plug-in settings you've set, which is why I recommended a fresh profile), and save the resulting "plist snippet". In your JSS, create a user-level Config Profile, and go to Custom Settings. Set your Preference Domain to com.apple.Safari, and upload the plist snippet you made.
Keep track of your snippets; if you needed to make a simple edit, it's easier to start from the snippet and just update a version number or URL. We manage several plugins in way - it allows us to apply the current gatekeeper settings via SUS and, on a site-by-site basis, allow outdated plugins to run (or run in un-sandboxed mode, which is un-safe mode).
HTH.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-23-2016 01:05 PM
@Berrier Other than what @JPDyson said, there is also this Apple KB
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-22-2016 09:59 AM
Yes. It's not as easy as it used to be, but I'm almost over complaining about JAMF needlessly deprecating MCX. Almost...
Best granular way to do it now-a-days is a custom config profile payload. Start by creating a fresh profile and trusting the site the way you normally would - install the plugin, visit the site, and trust it. Then you can go into Safari's Preferences > Security > Plug-in Settings and adjust the settings as needed. Once this is set, grab a copy of ~/Library/Preferences/com.apple.Safari.plist from that Mac and convert it to XML:
plutil -convert xml1 /path/to/copy.plistAt this point you can open up the XML-formatted plist file and edit out all of the various keys other than ManagedPluginPolicies (note that this would capture any other plug-in settings you've set, which is why I recommended a fresh profile), and save the resulting "plist snippet". In your JSS, create a user-level Config Profile, and go to Custom Settings. Set your Preference Domain to com.apple.Safari, and upload the plist snippet you made.
Keep track of your snippets; if you needed to make a simple edit, it's easier to start from the snippet and just update a version number or URL. We manage several plugins in way - it allows us to apply the current gatekeeper settings via SUS and, on a site-by-site basis, allow outdated plugins to run (or run in un-sandboxed mode, which is un-safe mode).
HTH.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-23-2016 01:05 PM
@Berrier Other than what @JPDyson said, there is also this Apple KB
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-02-2016 08:16 AM
