Since 11.4 jamf is not getting correct access to System Events #110

Open
GabeShack opened this issue Feb 10, 2022 · 2 comments
Labels
PPPC functionality Bugs/problems with PPPC functionality on macOS

Comments

@GabeShack

Hi,
Since around 11.4 (with some security updates Apple changed) we have been seeing a mixed sh/AppleScript cause a message '"Jamf" wants access to control "System Events".'

In the past, the TCC configuration profile I created for both Jamf and OSAScript bypassed this message; however, after 11.4 this started up, which looks like it requires more PP approval.

I am trying my hardest to narrow down what actually needs to be changed for this to function correctly. I've followed the logging steps in this article:
https://krypted.com/mac-os-x/reviewing-tcc-dialog-prompts-using-logs-on-a-mac/

But it doesn't seem to be providing me with many answers.

In the discussions on this on the Jamf forums, one user has said they got around this by changing the code requirement identifier to be more generic, i.e. using the identifier com.jamf.management.daemon, but using the code requirement for the jamf app.

https://community.jamf.com/t5/jamf-pro/quot-jamf-quot-wants-access-to-control-quot-system-events-quot/m-p/258122#M238876

I cannot verify this is working, but I am wondering if, instead of making these intricate Jamf config profiles to allow it to work with osascript and System Events, there could be a premade "Jamf" template that allows for all Jamf identifiers to interact with all parts of System Events and parent processes?

@macblazer
Contributor

@GabeShack Can you post here a plain text mobileconfig file (that is, not signed and encrypted), or an excerpt from it that shows the keys that you are using that do not work? It's hard to diagnose a somewhat generic question and distill an entire forum conversation.

@GabeShack
Author

In reviewing this issue with both Apple and Jamf, it seems this has been a verified issue and it's recommended, when creating a TCC for any Jamf process, to use the code identifier of the parent process (jamf.app) instead of the child process jamfdaemon.

I can submit both the code I'm trying to run and the Jamf TCC I currently use that causes it to prompt for access to System Events; however, I believe now, after speaking with some engineers at Apple, that this is not a solvable issue currently.

@macblazer macblazer added the PPPC functionality Bugs/problems with PPPC functionality on macOS label Sep 30, 2022