Jamf Nation Community

Thank you for the screengrab @geoff.widdowson

I have entered the following in the
Code Requirement field

identifier “us.zoom.xos” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BJ4HAAB9B3

The profile fails to install with the following error:

In the payload (UUID: E9B95040-FD5F-4FCC-8299-5D3960ED0466), the key 'CodeRequirement' has an invalid value.

@atomczynski You will get that error if you are using the "ScreenCapture - Allow Standard Users to Allow Access" option on a machine that is not running Big Sur.

I end up creating a few versions of each PPPC profile (PPPC - Zoom (10.14), PPPC - Zoom (10.15), etc.), adding the specific features for each OS, and scoping them specifically to computers running that OS

Here is the Profile:

Indentifier:
us.zoom.xos

Identifier Type:
Bundle ID

Coder Requirement:
identifier "us.zoom.xos" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = BJ4HAAB9B3

And the following app or services:
Calendar: Allow
SystemPolicyAllFiles: Deny
PostEvent: Deny
Accessibility: Allow
SystemPolicySysAdminFiles: Deny
AddressBook: Allow
Photos: Allow
Reminders: Allow

The install command fails with the following Status error:
In the payload (UUID: 7F7BFCEE-07AE-4B6B-8C33-06FE37546025), the key 'CodeRequirement' has an invalid value.

How is the Code Requirement created? It was shared with me, I did not create it.

Found an error in the syntax where

"us.zoom.xos"

needs to be "us.zoom.xos"

The profile installs OK now, however:
1. I still need to open System Privacy, Privacy
Navigate to Accessability, authenticate as admin and browse the /Applications folder and select Zoom.us
2. Even with this selected the support agent is unable to (remote) control

I have restarted the application on the client few times. If I remove the PPPC Profile I'm able to connect to the client and remote control.

The client computer is running macOS 15.7 and Zoom version is 5.4.7 (59780.1220) - current.

I will work on this more tomorrow with another client machine that is not affected by manual interaction with Security & Privacy changes.

@atomczynski I think you need " /<star-char> exists <star-char>/ " to resolve (i.e include a star character after / and before /). For some reason doesn't show in comment box

You will also get that error message if you have AllowStandardUserToSetSystemService in a Configuration Profile for Big Sur if it's in the Access field any other than ListenEvent and ScreenCapture services.

We ran into this issue when we used PPPC to load an Apex One configuration profile into Jamf. When we toggled Big Sur Compatability on within PPPC it for some reason defaulted Allow to AllowStandardUserToSetSystemService in Jamf. So I went into Jamf and had to edit the settings for the Access field by selecting the drop-down and picking Allow for every App or Service showing AllowStandardUserToSetSystemService.

@RobbieReichard...

Thanks so much for that information!!! I too was experiencing failures to install config profiles, but modifying the Access field based on what you reported resolved the issue.

Expanding on what @atomczynski said about the syntax error. If you copy and paste the code requirement, the quotation marks will copy over as curved quotation marks and create a syntax error. Simply delete them and type in the quotation marks so they are neutral.

Just what i needed. Thanks

You can find the code requirement for most apps and binaries by using this command in Terminal:

codesign --display -r - /path/to/app/or/binary

Raising awareness of this awesome PPPC profile compiled by @eholtam. It was posted on reddit, but I couldn't find it on JamfNation:

https://github.com/poundbangbash/community-screenrecording-pppc-profile

The profile currently contains a list of 55 app entitlements to permit non-admins to allow screen recording (ScreenCapture).

Thanks @abyrd for the codesign command; I was able to use this to add Open Broadcaster Studio (OBS) to the profile above. Surprised it wasn't there already...

Trailing whitespace in the Jamf Pro 'Code Requirement' window will also cause the error:

'the key 'CodeRequirement' has an invalid value.'

This can be overlooked as the error is also produced (as others have mentioned) by invalid characters or scoping 'AllowStandardUserToSetSystemService' to non Big Sur machines.