Jamf Nation Community

sk25 · ‎12-26-2023

Guys,

We are using systrack for end point analytics on Macs. Post installation of Systrack agent, we configured profile in Jamf pro of lsiagentd to get allowed on full disk access. After successfully sync between Jamf and device, profile getting installed successfully, but under 'Privacy and Security' it's not getting enabled. Kindly advice.

We tried with bundle id as well as path, no luck. Below is the code requirement we received from systrack.



identifier "com.lakesidesoftware.lsiagentd" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = SQL6SRUA2Y

howie_isaacks · ‎12-26-2023

Can you please post screenshots of your profile payloads? They could help us figure out what may be wrong.

sk25 · ‎12-26-2023

@howie_isaacks please find the screenshot per request

howie_isaacks · ‎12-27-2023

This looks correct. What you are seeing is the on/off switch for full disk access is not toggled to on? I have noticed that some of my agents for which I created profiles to grant them full disk access show the on/off switch toggled off even though I know the agents do actually have full disk access. I used Jamf's PPPC utility to generate the code requirement.

ks25 · ‎12-28-2023

@howie_isaacks I agree with you because when manually create a profile in Intune for Mac for full disk access, I couldn't see the profile under profile section. Later, I used PPPC utility from Github and upload the .mobileconfig in Intune. Immediately able to see the profile under profile section. However still toggle off, but I could see that agents are having full disk access.

Jamf Nation Community

Systrack lsiagent not getting allowed on Full disk access