Looking to create PPPC profile to allow Accessability for the Zoom app using:
Computers: Configuration Profiles: Privacy Preferences Policy Control
While the identifier is:
Identifier Type is:
I'm not sure what needs to be entered in the Code Requirement
App or Service:
In the past I used the GitHub PPPC utility to create the profile.
Thank you for the screengrab @geoff.widdowson
I have entered the following in the
Code Requirement field
identifier “us.zoom.xos” and anchor apple generic and certificate 1[field.1.2.840.1136220.127.116.11.6] /* exists */ and certificate leaf[field.1.2.840.113618.104.22.168.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3
The profile fails to install with the following error:
In the payload (UUID: E9B95040-FD5F-4FCC-8299-5D3960ED0466), the key 'CodeRequirement' has an invalid value.
Here is the Profile:
identifier "us.zoom.xos" and anchor apple generic and certificate 1[field.1.2.840.113622.214.171.124.6] / exists / and certificate leaf[field.1.2.840.1136126.96.36.199.13] / exists / and certificate leaf[subject.OU] = BJ4HAAB9B3
And the following app or services:
The install command fails with the following Status error:
In the payload (UUID: 7F7BFCEE-07AE-4B6B-8C33-06FE37546025), the key 'CodeRequirement' has an invalid value.
How is the Code Requirement created? It was shared with me, I did not create it.
Found an error in the syntax where
needs to be "us.zoom.xos"
The profile installs OK now, however:
1. I still need to open System Privacy, Privacy
Navigate to Accessability, authenticate as admin and browse the /Applications folder and select Zoom.us
2. Even with this selected the support agent is unable to (remote) control
I have restarted the application on the client few times. If I remove the PPPC Profile I'm able to connect to the client and remote control.
The client computer is running macOS 15.7 and Zoom version is 5.4.7 (59780.1220) - current.
I will work on this more tomorrow with another client machine that is not affected by manual interaction with Security & Privacy changes.
You will also get that error message if you have AllowStandardUserToSetSystemService in a Configuration Profile for Big Sur if it's in the Access field any other than ListenEvent and ScreenCapture services.
We ran into this issue when we used PPPC to load an Apex One configuration profile into Jamf. When we toggled Big Sur Compatability on within PPPC it for some reason defaulted Allow to AllowStandardUserToSetSystemService in Jamf. So I went into Jamf and had to edit the settings for the Access field by selecting the drop-down and picking Allow for every App or Service showing AllowStandardUserToSetSystemService.
Raising awareness of this awesome PPPC profile compiled by @eholtam. It was posted on reddit, but I couldn't find it on JamfNation:
The profile currently contains a list of 55 app entitlements to permit non-admins to allow screen recording (ScreenCapture).
Thanks @abyrd for the
codesign command; I was able to use this to add Open Broadcaster Studio (OBS) to the profile above. Surprised it wasn't there already...
Trailing whitespace in the Jamf Pro 'Code Requirement' window will also cause the error:
'the key 'CodeRequirement' has an invalid value.'
This can be overlooked as the error is also produced (as others have mentioned) by invalid characters or scoping 'AllowStandardUserToSetSystemService' to non Big Sur machines.