-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Uploading new Jamf filesystem and notifications profiles
Uploading new separate Jamf filesystem and notifications profiles.
- Loading branch information
Showing
5 changed files
with
120 additions
and
71 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| The command below will use tccprofile.py to generate a whitelist profile with the following characteristics: | ||
|
|
||
| Full Disk Access: | ||
|
|
||
| /Library/Application Support/JAMF/Jamf.app | ||
| /usr/local/jamf/bin/jamfAgent | ||
| /usr/local/jamf/bin/jamf | ||
|
|
||
| Command used with tccprofile.py to generate the profile: | ||
|
|
||
| /path/to/tccprofile.py --allfiles "/Library/Application Support/JAMF/Jamf.app" /usr/local/jamf/bin/jamfAgent /usr/local/jamf/bin/jamf --allow --payload-description="This profile allows specified applications access to specified filesystem locations." --payload-identifier="com.company.jamf.fileaccess.tcc.privacy.whitelist" --payload-name="Privacy Settings Whitelist - Jamf" --payload-org="Company Name" --payload-version="1" -o Jamf_All_Files_v1.mobileconfig |
83 changes: 83 additions & 0 deletions
83
Privacy Settings Whitelist - Jamf Filesystem/Unsigned/Jamf_All_Files_v1.mobileconfig
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | ||
| <plist version="1.0"> | ||
| <dict> | ||
| <key>PayloadContent</key> | ||
| <array> | ||
| <dict> | ||
| <key>PayloadDescription</key> | ||
| <string>This profile allows specified applications access to specified filesystem locations.</string> | ||
| <key>PayloadDisplayName</key> | ||
| <string>Privacy Settings Whitelist - Jamf</string> | ||
| <key>PayloadIdentifier</key> | ||
| <string>com.company.jamf.fileaccess.tcc.privacy.whitelist.4DAA3D6E-BC42-11E8-B851-D0817ADA38E4</string> | ||
| <key>PayloadOrganization</key> | ||
| <string>Company Name</string> | ||
| <key>PayloadType</key> | ||
| <string>com.apple.TCC.configuration-profile-policy</string> | ||
| <key>PayloadUUID</key> | ||
| <string>4DAA3D6E-BC42-11E8-B851-D0817ADA38E4</string> | ||
| <key>PayloadVersion</key> | ||
| <integer>1</integer> | ||
| <key>Services</key> | ||
| <dict> | ||
| <key>SystemPolicyAllFiles</key> | ||
| <array> | ||
| <dict> | ||
| <key>Allowed</key> | ||
| <true/> | ||
| <key>CodeRequirement</key> | ||
| <string>identifier "com.jamf.management.Jamf" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443"</string> | ||
| <key>Comment</key> | ||
| <string>Allow SystemPolicyAllFiles control for Jamf</string> | ||
| <key>Identifier</key> | ||
| <string>com.jamf.management.Jamf</string> | ||
| <key>IdentifierType</key> | ||
| <string>bundleID</string> | ||
| </dict> | ||
| <dict> | ||
| <key>Allowed</key> | ||
| <true/> | ||
| <key>CodeRequirement</key> | ||
| <string>identifier "com.jamfsoftware.jamfAgent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443"</string> | ||
| <key>Comment</key> | ||
| <string>Allow SystemPolicyAllFiles control for jamfAgent</string> | ||
| <key>Identifier</key> | ||
| <string>/usr/local/jamf/bin/jamfAgent</string> | ||
| <key>IdentifierType</key> | ||
| <string>path</string> | ||
| </dict> | ||
| <dict> | ||
| <key>Allowed</key> | ||
| <true/> | ||
| <key>CodeRequirement</key> | ||
| <string>identifier "com.jamfsoftware.jamf" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443"</string> | ||
| <key>Comment</key> | ||
| <string>Allow SystemPolicyAllFiles control for jamf</string> | ||
| <key>Identifier</key> | ||
| <string>/usr/local/jamf/bin/jamf</string> | ||
| <key>IdentifierType</key> | ||
| <string>path</string> | ||
| </dict> | ||
| </array> | ||
| </dict> | ||
| </dict> | ||
| </array> | ||
| <key>PayloadDescription</key> | ||
| <string>This profile allows specified applications access to specified filesystem locations.</string> | ||
| <key>PayloadDisplayName</key> | ||
| <string>Privacy Settings Whitelist - Jamf</string> | ||
| <key>PayloadIdentifier</key> | ||
| <string>com.company.jamf.fileaccess.tcc.privacy.whitelist</string> | ||
| <key>PayloadOrganization</key> | ||
| <string>Company Name</string> | ||
| <key>PayloadScope</key> | ||
| <string>system</string> | ||
| <key>PayloadType</key> | ||
| <string>Configuration</string> | ||
| <key>PayloadUUID</key> | ||
| <string>4DAB4357-BC42-11E8-B050-D0817ADA38E4</string> | ||
| <key>PayloadVersion</key> | ||
| <integer>1</integer> | ||
| </dict> | ||
| </plist> |
11 changes: 11 additions & 0 deletions
11
Privacy Settings Whitelist - Jamf Notifications/README.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| The command below will use tccprofile.py to generate a whitelist profile with the following characteristics: | ||
|
|
||
| Able to send restricted AppleEvents: | ||
|
|
||
| /Library/Application Support/JAMF/Jamf.app - Send AppleEvents to SystemEvents, SystemUIServer and Finder | ||
| /usr/local/jamf/bin/jamfAgent - Send AppleEvents to SystemEvents, SystemUIServer and Finder | ||
| /usr/local/jamf/bin/jamf - Send AppleEvents to SystemEvents, SystemUIServer and Finder | ||
|
|
||
| Command used with tccprofile.py to generate the profile: | ||
|
|
||
| /path/to/tccprofile.py --appleevents "/Library/Application Support/JAMF/Jamf.app","/System/Library/CoreServices/System Events.app" "/Library/Application Support/JAMF/Jamf.app","/System/Library/CoreServices/SystemUIServer.app" "/Library/Application Support/JAMF/Jamf.app","/System/Library/CoreServices/Finder.app" /usr/local/jamf/bin/jamfAgent,"/System/Library/CoreServices/System Events.app" /usr/local/jamf/bin/jamfAgent,"/System/Library/CoreServices/SystemUIServer.app" /usr/local/jamf/bin/jamfAgent,"/System/Library/CoreServices/Finder.app" /usr/local/jamf/bin/jamf,"/System/Library/CoreServices/System Events.app" /usr/local/jamf/bin/jamf,"/System/Library/CoreServices/SystemUIServer.app" /usr/local/jamf/bin/jamf,"/System/Library/CoreServices/Finder.app" --allow --payload-description="This profile allows specified applications to display information to the logged-in user." --payload-identifier="com.company.jamf.notifications.tcc.privacy.whitelist" --payload-name="Privacy Settings Whitelist - Jamf Notifications" --payload-org="Company Name" --payload-version="1" -o Jamf_All_Notifications_v1.mobileconfig |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.