I use Jamf's PPPC Utility to build PPPC profiles. I install the software, run it, and screenshot all the PPPC prompts. I then use the utility to build and upload. link text

I will be testing, but haven't yet, I did find these articles
link text
link text
It sounds like they will have a driver 6.3.42 this month that runs on M1 correctly, and 6.3.41 is the bare minimum to get it to function with some issues.

I have see the PPPC Utility and have it downloaded to my computer. Can you elaborate more on what you did? I'm not following...

(Edit Post Cleanup)

@kwoodard 

Jamf's PPPC utility allows you to make Privacy Preferences Policy Control (PPPC) profiles more easily.

I use this mainly for lab environment where students don't have admin rights and I want to minimize the distraction from the learning process & prevent confusion.

I first install & run the software on a machine that's never had the software installed. Every single PPPC pop-up of X wants Y access, I take a screenshot (for record keeping). I then also go in to System Preferences -> Security and Privacy -> Privacy Tab and look at all the categories also look for the software for PPPC prompts that may not of tripped yet.

Most software, it's drag the application to the left column select the various drops down options, then upload to Jamf. I then scope the profile to another test machine that's also never had the software, verify the profile is installed, install the software, and see if I still get any PPPC prompts.

An Example - Firefox wants access to the download folder.

You drag firefox app to the left column, and use the drop down to select approve for the download folder.

Upload it to jamf via the PPPC utility, and it creates this for you

When a machine has this profile installed,  when Firefox tries to access the download folder just works without prompting the user.

Important Note - There are some PPPC permissions you can not per-approve, per Apple. Example Camera, Microphone.

Found this Youtube video that shows (with slightly older version of the PPPC utility) good overview

(Edit Cleanup)

@thebrucecarter 

Now for my Wacom Tablet Driver - Lab Profile. They have the Pen Displays for our Art, Media, and Design lab which trips a slew of PPPC prompts. This took much testing, trial and error.

com.wacom.wacomtablet -> Access to System Preferences

 com.wacom.Wacom-Desktop-Ceter -> Access to System Preferences & All Files

com.wacom.Wacom-Display-Settings -> Access to All Files

com.wacom.RemoveWacomTablet -> Access to All Files

 com.wacom.IOManger -> Access to Accessibility

 com.wacom.TabletDriver -> Access to Accessibility

 com.wacom.WacomTouchDriver -> Access to Accessibility

This is awesome! Thank you so much. I am going to be giving this a try right now.

@CSCC-JS where did you find com.wacom.wacomtablet ? I am not locating that one and a Google search is not helping. Is it named something else?

@CSCC-JS I found com.wacom.wacomtablet...

Got Mojave and Catalina setup, Big Sur is giving me an error (even thought the values are the same, and I did check the "Big Sur" slider and have it scoped to Big Sur boxes only). Trying to sort that out at the moment.

Haven't updated the labs to big Sur, that's coming however.

Which prompts are you getting?

This is the error that the Big Sur PPPC is throwing...  

In the payload (UUID: BE4BA8FF-C6CF-4C8C-9BF1-0143412146A8), the key 'Authorization' has an invalid value.

Doesn't give me anything more than that. Sigh...

Hi @kwoodard, and anyone else looking for help on this one.

The PPPC Utility profiles (using latest as of this writing, 1.4) still don't completely create Big Sur compatible profiles, oddly. For certain things that changed from previous versions to Big Sur, you still have to manually edit them once they are uploaded to your server.

For instance with SystemPolicyAllFiles access, once you've uploaded it you have to edit the profile, then scroll down and click edit for that app/service and click edit (again), and it will automatically change to a valid choice (in this case from "Allow Standard Users to Access" to  "Allow"). Then click Save for that item, and repeat for every other item in the profile. Anything that has a valid selection already will not automatically change, so can be saved as is.

Once done with every item, save the overall profile, and the installation should succeed on your scoped Big Sur machines.

When uploading this PPPC profile to Jamf JSS server from the Jamf PPPC Utility 1.4, does the profile need to be signed?

Not in this case. There are circumstances where it needs to be, but generally not needed when doing from the utility in my experience.

How did you find the IOManager one? I can't find it as a file anywhere. I found the Wacom Tablet Driver, but not that one.

I had to do this and add a few more "app or service" but I got it to deploy. Now I need to test it on a new machine to see if the end user gets any more prompts. Hope to know in the next few days.

FYI:

Here is a list of binaries, preference domains (aka Bundle IDs) and paths with Wacom Tablet 6.3.44-2:

WacomTabletDriver.app → com.wacom.wacomtablet → Access to System Preferences
Path: /Applications/Wacom Tablet.localized/.Tablet/WacomTabletDriver.app

Wacom Desktop Center.app → com.wacom.Wacom-Desktop-Center → Access to System Preferences & All Files
Path: /Applications/Wacom Tablet.localized/Wacom Desktop Center.app

Wacom Display Settings.app →com.wacom.Wacom-Display-Settings → Access to All Files
Path: Path: /Applications/Wacom Tablet.localized/Wacom Display Settings.app

Wacom Tablet Utility.app → com.wacom.RemoveWacomTablet → Access to All Files
Path: /Applications/Wacom Tablet.localized/Wacom Tablet Utility.app

com.wacom.IOManager.app → com.wacom.IOManger → Access to Accessibility
Path: /Library/PrivilegedHelperTools/com.wacom.IOManager.app

TabletDriver.app → com.wacom.TabletDriver →Access to Accessibility
Path: /Applications/Wacom Tablet.localized/.Tablet/TabletDriver.app

These binaries also have entitlements, but not sure if they are or aren't needed yet...

WacomMultiTouch.framework → com.wacom.MultiTouch → PPPC?
Path: /Library/Frameworks/WacomMultiTouch.framework

WacomCloudSDK.framework → com.wacom.FirmwareUpdater → PPPC?
Path: /Applications/Wacom Tablet.localized/Wacom Desktop Center.app/Contents/Frameworks/WacomCloudSDK.framework

FirmwareUpdater.app → com.wacom.FirmwareUpdater → PPPC?
Path: /Applications/Wacom Tablet.localized/.Tablet/FirmwareUpdater.app

com.wacom.DataStoreMgr.app → com.wacom.WacomTouchDriver → PPPC?
Path: /Library/PrivilegedHelperTools/com.wacom.DataStoreMgr.app

WacomTablet.prefpane → com.wacom.ProfessionalControlPanel → PPPC?
Path: /Library/PreferencePanes/WacomTablet.prefpane

Hi @kwoodard 

You can use Suspicious Package open the installer package and search for the Bundle ID...

Don't forget to add ListenEvent = Allow Standard Users to Allow Access for each of your PPPC items.

Please forgive if this is a dumb question... is there a fast way to get the text of the code requirements for each of these?

---

@demuthp wrote:

Please forgive if this is a dumb question... is there a fast way to get the text of the code requirements for each of these?

---

@demuthp Pretty sure you figured this out by now, but if not, have a look at the Terminal output for the different bits and pieces of Wacom.

https://community.jamf.com/t5/jamf-pro/monterey-m1-and-pppc-you-re-killing-us-wacom/m-p/264566