Auto-accept Jamf wants to control System Events?

dungeonadept
New Contributor III

I've got users seeing a "Jamf wants to control system events" popup. I think this is from deploying my new Jamf Connect config profiles, but not entirely certain. Is there a way I can have the devices auto-accept this message? Users are confused about why it's showing up.

2 REPLIES

howie_isaacks
Valued Contributor II

This post may be helpful to you:

https://community.jamf.com/t5/jamf-pro/terminal-wants-access-to-control-system-events/m-p/292509

The PPPC utility would enable you to get the info you need to create a profile with a PPPC payload to allow the Jamf agent to do what you need without showing a pop-up message to be allowed to do it. Here's the code requirement: 

anchor apple generic and identifier "com.jamfsoftware.jamf" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")

For Identifier you could use the path: /usr/local/jamf/bin/jamf

For the app or service, I'm not sure exactly what type of event to allow but it's something that would be easy to play with and figure it out. I'm surprised that you're getting the alert since implementing Jamf Connect generates the needed profiles, at least it did when I deployed it 2 years ago. I no longer work with Jamf Connect. Things may have changed since then.

Bol
Valued Contributor

Yes you can but it will make you work for it...

A whitelisting of permission needs to be granted to the binary (Jamf in your case) using a Privacy Preferences Policy Control profile, to whatever action it is trying to accomplish.

Find the responsible app;
- If you can make the popup occur, run this in Terminal before you do, and come back with the results;

log stream --debug --predicate 'subsystem == "com.apple.TCC" AND eventMessage BEGINSWITH "AttributionChain"'

- If you are unable to but have a machine where it popped up, try;

log show --style syslog --predicate 'subsystem == "com.apple.TCC"' --info --last 1h | grep Prompting

A head start I can give you... This will either be triggered by Jamf on login;
/Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfDaemon.app/Contents/MacOS/JamfDaemon
Or by a Self Service policy;
/Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfManagementService.app/Contents/MacOS/JamfManagementService

Either the login daemon or management service is likely calling another process, then causing the prompt. Are you running any scripts on login or Self Service policies that call Terminal or AppleScript, then interact with Finder or System Settings, Accessibility etc.? It needs to be whitelisted to do so.

If you get stuck, come back and let us know what you find. Good luck!

https://learn.jamf.com/en-US/bundle/technical-articles/page/Preparing_Your_Organization_for_User_Dat...

https://eclecticlight.co/taccy-signet-precize-alifix-utiutility-alisma/

https://scriptingosx.com/2020/09/avoiding-applescript-security-and-privacy-requests/
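
As an added example (not code from the thread or from Jamf), this Python script builds the kind of PPPC profile both replies describe: an AppleEvents rule that lets the jamf binary control System Events, using the path and code requirement quoted in the first reply. The System Events bundle ID and requirement, the `com.example` identifiers, the display name and the anchor check are assumptions of this example.

```python
import plistlib
import uuid

# Values quoted in the first reply: the jamf binary's path and code requirement.
JAMF_PATH = "/usr/local/jamf/bin/jamf"
JAMF_REQ = (
    'anchor apple generic and identifier "com.jamfsoftware.jamf" and '
    "(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or "
    "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
    "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
    'certificate leaf[subject.OU] = "483DWKW443")'
)
# Assumption: the receiver is System Events, as named in the prompt text.
SYSEVENTS_ID = "com.apple.systemevents"
SYSEVENTS_REQ = 'identifier "com.apple.systemevents" and anchor apple'

def id_type(identifier):
    """PPPC distinguishes bundle IDs from absolute paths to a binary."""
    return "path" if identifier.startswith("/") else "bundleID"

def apple_events_rule(sender, sender_req, receiver, receiver_req):
    """Allow `sender` to send Apple events to `receiver`, and nothing else."""
    for req in (sender_req, receiver_req):
        # Example policy: refuse requirements that do not pin a signing anchor.
        if "anchor" not in req:
            raise ValueError("code requirement has no anchor: %r" % req)
    return {
        "Identifier": sender, "IdentifierType": id_type(sender),
        "CodeRequirement": sender_req, "Allowed": True,
        "AEReceiverIdentifier": receiver,
        "AEReceiverIdentifierType": id_type(receiver),
        "AEReceiverCodeRequirement": receiver_req,
    }

def build_profile(rules, org="com.example"):  # org is a placeholder
    """Wrap the rules in a PPPC payload and return .mobileconfig bytes."""
    def meta(suffix, ptype):
        return {"PayloadIdentifier": org + suffix, "PayloadType": ptype,
                "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadVersion": 1}
    tcc = meta(".pppc.tcc", "com.apple.TCC.configuration-profile-policy")
    tcc["Services"] = {"AppleEvents": list(rules)}
    profile = meta(".pppc", "Configuration")
    profile.update(PayloadDisplayName="Jamf to System Events (example)",
                   PayloadScope="System", PayloadContent=[tcc])
    return plistlib.dumps(profile)

if __name__ == "__main__":
    rule = apple_events_rule(JAMF_PATH, JAMF_REQ, SYSEVENTS_ID, SYSEVENTS_REQ)
    print(build_profile([rule]).decode())
```

A PPPC payload is only honoured when it is installed through MDM, so the output belongs in Jamf Pro rather than a manual install. Confirm the actual sender with the log commands above first, since it may be JamfDaemon or JamfManagementService rather than the jamf binary.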