Posted on 12-26-2023 09:46 AM
Guys,
We are using systrack for end point analytics on Macs. Post installation of Systrack agent, we configured profile in Jamf pro of lsiagentd to get allowed on full disk access. After successfully sync between Jamf and device, profile getting installed successfully, but under 'Privacy and Security' it's not getting enabled. Kindly advice.
We tried with bundle id as well as path, no luck. Below is the code requirement we received from systrack.
identifier "com.lakesidesoftware.lsiagentd" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = SQL6SRUA2Y
Posted on 12-26-2023 12:16 PM
Can you please post screenshots of your profile payloads? They could help us figure out what may be wrong.
Posted on 12-26-2023 09:10 PM
@howie_isaacks please find the screenshot per request
Posted on 12-27-2023 09:43 AM
This looks correct. What you are seeing is the on/off switch for full disk access is not toggled to on? I have noticed that some of my agents for which I created profiles to grant them full disk access show the on/off switch toggled off even though I know the agents do actually have full disk access. I used Jamf's PPPC utility to generate the code requirement.
Posted on 12-28-2023 02:00 AM
@howie_isaacks I agree with you because when manually create a profile in Intune for Mac for full disk access, I couldn't see the profile under profile section. Later, I used PPPC utility from Github and upload the .mobileconfig in Intune. Immediately able to see the profile under profile section. However still toggle off, but I could see that agents are having full disk access.