1 ACCEPTED SOLUTION
(Edit Cleanup)
Now for my Wacom Tablet Driver - Lab Profile. They have the Pen Displays for our Art, Media, and Design lab which trips a slew of PPPC prompts. This took much testing, trial and error.
com.wacom.wacomtablet -> Access to System Preferences
com.wacom.Wacom-Desktop-Ceter -> Access to System Preferences & All Files
com.wacom.Wacom-Display-Settings -> Access to All Files
com.wacom.RemoveWacomTablet -> Access to All Files
com.wacom.IOManger -> Access to Accessibility
com.wacom.TabletDriver -> Access to Accessibility
com.wacom.WacomTouchDriver -> Access to Accessibility
(Edit Post Cleanup)
Jamf's PPPC utility allows you to make Privacy Preferences Policy Control (PPPC) profiles more easily.
I use this mainly for lab environment where students don't have admin rights and I want to minimize the distraction from the learning process & prevent confusion.
I first install & run the software on a machine that's never had the software installed. Every single PPPC pop-up of X wants Y access, I take a screenshot (for record keeping). I then also go in to System Preferences -> Security and Privacy -> Privacy Tab and look at all the categories also look for the software for PPPC prompts that may not of tripped yet.
Most software, it's drag the application to the left column select the various drops down options, then upload to Jamf. I then scope the profile to another test machine that's also never had the software, verify the profile is installed, install the software, and see if I still get any PPPC prompts.
An Example - Firefox wants access to the download folder.
You drag firefox app to the left column, and use the drop down to select approve for the download folder.
Upload it to jamf via the PPPC utility, and it creates this for you
When a machine has this profile installed, when Firefox tries to access the download folder just works without prompting the user.
Important Note - There are some PPPC permissions you can not per-approve, per Apple. Example Camera, Microphone.
Found this Youtube video that shows (with slightly older version of the PPPC utility) good overview
(Edit Cleanup)
Now for my Wacom Tablet Driver - Lab Profile. They have the Pen Displays for our Art, Media, and Design lab which trips a slew of PPPC prompts. This took much testing, trial and error.
com.wacom.wacomtablet -> Access to System Preferences
com.wacom.Wacom-Desktop-Ceter -> Access to System Preferences & All Files
com.wacom.Wacom-Display-Settings -> Access to All Files
com.wacom.RemoveWacomTablet -> Access to All Files
com.wacom.IOManger -> Access to Accessibility
com.wacom.TabletDriver -> Access to Accessibility
com.wacom.WacomTouchDriver -> Access to Accessibility
Hi @kwoodard
You can use Suspicious Package open the installer package and search for the Bundle ID...
Hi @kwoodard, and anyone else looking for help on this one.
The PPPC Utility profiles (using latest as of this writing, 1.4) still don't completely create Big Sur compatible profiles, oddly. For certain things that changed from previous versions to Big Sur, you still have to manually edit them once they are uploaded to your server.
For instance with SystemPolicyAllFiles access, once you've uploaded it you have to edit the profile, then scroll down and click edit for that app/service and click edit (again), and it will automatically change to a valid choice (in this case from "Allow Standard Users to Access" to "Allow"). Then click Save for that item, and repeat for every other item in the profile. Anything that has a valid selection already will not automatically change, so can be saved as is.
Once done with every item, save the overall profile, and the installation should succeed on your scoped Big Sur machines.
