Hi.

I am trying to set SystemPolicyDocumentsFolder to "allow" for an app but it doesn't appear to work as expected. SystemPolicyDownloadsFolder and SystemPolicyDesktopFolder work and when I view the policy in Jamf SystemPolicyDocumentsFolder doesn't appear to be listed, nor can I add it manually in the payload. If I save the file from the app the entry is there.

Thanks

The add/remove buttons disappear in Applications view when adding many applications ~15

See the screenshots:

Hi

I use Jamf Pro 10.15 and PPPC for accecibility of a wacom driver in Mojave

So when a add a mac in scope of configuration profile, the deployment of configuration profile failed, without error.

I've created a case (JAMF-0767429) on jamf support for this error of deploying profile

Bye

Tried to add an applescript .scpt file, but the file is greyed out and wont let me choose it.

Im working with Mimio Notebook and it won't allow me to add it to the window with the plus button or with drag and drop. This may be a duplicate issue since I saw another posting describing the same issue.

Add a Changelog according the conventions here: https://keepachangelog.com/en/1.0.0/

Retroactively add the past release notes to the change log.

All new changes after this should include a section in the change log.

This issue is for testing the Github notifications into other channels.

I have an app which, by default, lives in /opt/. I am unable to drag this .app file in nor can I add it using the '+' option. Please advise. Thanks in advance!

After upgrading to 10.15 Beta 7 19A546d the Apple Events window is changed to just a line preventing editing or adding new events.

I have code signed a script but PPPC utility will not accept it. I have verified it it is code signed by running the appropriate commands.

Apple introduced 4 new items in the Privacy System preferences panel
Screen Recording, Automation, Analytics & Improvements, and Advertising.

In the new days of remote working we need at least a way to allow Screen Recording and these are not currently covered that I can find. Could we get an update to cover either Screen Recording or all of them??
Thanks!

"All Files" in the properties fields should be listed as "Full Disk Access", as the verbiage not being identical is rather confusing.
We even had a jamf pro member get confused by this for a minute.

If you click on the PPPC Utility menu you see it still has references to TCC:
About TCCUtility
Hide TCCUtility
Quit TCCUtility

As a user of this app I would like the full code signing requirement to be displayed for the selected item so that I understand exactly what the full requirement is.

Currently when an item is selected in the left-most list, it's name, bundle identifier, and code signing requirement are displayed in the top of the window. The code signing requirement is given two lines of text to display, and if it is longer then the top half of a third line will display (sometimes). This is especially noticeable when the window is shrunk to it's minimum horizontal size. Jamf Pro's Self Service app has a long requirement; Sublime Text also has a long requirement.

We could either cap it at two lines and give some indicator that there is more with a hover displaying the full text, or we could make the requirement scrollable, or we could have it auto-expand to more lines as needed. The auto-expand would still probably require some hard upper limit (so the rest of the controls are still usable) so the hover or scrollable solution would be needed anyway for really really long requirements.

Testing out the Big Sur compatibility setting gives a result that setting allow on a setting that doesn't have the allow standard users setting uploads to jamf with that value set.
I noticed this setting a profile up that had the screen capture setting in it as well.

As a developer I want Github to run an action to verify code changes pass our SwiftLint checks before being approved.

Automated verification of SwiftLint via Github actions will allow us to simplify the PR process. Developers will get immediate feedback if their PRs violate the linting process, even if they don't lint the code themselves.

Note: Issue #55 must be completed first.

Be able to add com.apple.screensharing.agent to PPPC-Utility so PPPC-Utility can be used to manage screensharing PPPC settings.
https://support.apple.com/en-au/HT209161

Add swiftlint as a script phase to the project to integrate warnings with Xcode and standardize on some code styles and conventions:

https://github.com/realm/SwiftLint

Here are some rules to add to a .swiftlint file for the project:

opt_in_rules:
  - empty_count
  - operator_usage_whitespace
  - trailing_closure
  - yoda_condition

disabled_rules:
  - line_length
  - trailing_whitespace

# Overriding existing rules

file_length:
  ignore_comment_only_lines: true

type_body_length:
  - 200 # warning
  - 400 # error

Here is an example script to add to the Xcode build phase

if which swiftlint >/dev/null; then
swiftlint
else
echo "warning: SwiftLint not installed, download from https://github.com/realm/SwiftLint"
fi

Once added, all warnings should then be resolved as part of this ticket.

To make it easier to find properties they should be listed alphabetically like:

Accessibility
Address Book
Admin Files
All Files
etc

If there are applications in the sidebar, we should not disable the save and upload buttons.

Change the logic to only disable the buttons when there are no applications in the list.

Hi, I'm using the latest release (1.2.0) and i'm unable to sign my config profile, whenever I chose to save a signed profile, it prompts me with a keychain password and the text fields are broken. It seems i can focus them, it highlights and i can even see the cursor but whenever i try to type in, nothing happens, there's only the anoying error system sound telling that you're typing nowhere.

I tried on different macs, same thing.

Any clue ?

Hello, I would like to request the addition of the newly released keys for the PPPC settings.

The new Authorization keys we have been granted are Allow/Deny for the Screen Recording and Input Monitoring.

There is also the new addition of the AllowStandardUserToSetSystemService which is different than the above model but still applies. It persists non-admin users to allow access to predefined apps in System Preferences.

In the Upload view when Check Connection is run if it fails it does not report a failure reason.
It could check for a 401 or unknown host error and report it to the user.

as per the title - When I create a profile in PPPC 1.1.0 and save it locally, selecting a signing identity doesn't appear to sign the profile.

The expected behavior would be that the selected Apple Event is removed. I would suggest we also disable the minus '-' button while nothing is selected.

It would be great if the utility would have an option to upload to a specific Site in the Jamf server. We have several departments with distributed administration of each site.

Thanks!

I would like to be able to build a configuration, upload it, and save it. I would then like to later re-open this configuration and make changes to it - typically the addition of more PPPC settings.

It is highly unlikely that a single computer would not have all the source apps on it and indeed in some cases it might not even be possible to install all the apps on a single computer. Therefore if the config can be saved and reloaded it would be possible to build the settings via several different computers before uploading the complete list to the JSS server. It would also make it possible to load an existing config then update it and upload the new version to the JSS server without having to laboriously repeat previous apps.

When adding applications to receive Apple Events from an application, the receiving applications default to Deny. Considering the more common use case for this utility is to allow one application to receive Apple Events from another, I believe that receiving applications should default to Allow.

When uploading, we should be able to detect or specify Jamf Pro vs Jamf Now and use the appropriate API depending on the product.

Smart Notebook on Mojave requires the "SmartBoardService" in the Accessibility tab to be enabled.

It is located in "SMART Technologies -> SMART Settings -> Contents -> bin -> SMARTBoardService"

Right now you cannot add it in or drag it in.

Some of the requirements for PPPC can be quite annoying to get exactly right. It'd be really useful to be able to import the TCC database of the computer running PPPC as a starting point.

Although there is an "all files" property (in Catalina at least) that doesn't translate to the "Full Disk Access" privacy request. I'm not sure what the correct flag should be though, so I can't help there.

Duplicate apps can be added to the Apple Events view for each app in the Applications view.

#39 was partially fixed by #43 but the Apple Events view is still able to receive duplicates. The same definition works:
The app should not allow duplicate applications. Duplicates should be defined as an app that matches the name/identifier and code requirements.

Since Jamf supplies this profile, a much better example images would show an actual application without reference to the Jamf binaries... to avoid confusion and misdirection.

Suggestion: 'Jamf Pro Server' label be changed to 'Jamf Pro Server URL'

The label suggests that the field wants just jamf.example.com

The value for the PayloadType key in the root element isn't being set to "Configuration" when file is saved. Instead, it uses the same value (com.apple.TCC.configuration-profile-policy) for the other PayloadType key that is located in the PayloadContent's element .

This causes profiles to not be able to be uploaded into Jamf Now's Custom Profiles feature. Jamf Now requires that this "root" PayloadType value must be "Configuration".

When adding an application the utility fails silently and does not add the application.
This could be improved to report that there was a failure and why (e.g. couldn't get code signing requirement, couldn't read file).

You can add the same application many times in Applications view and Apple Events view.

The app should not allow duplicate applications. Duplicates should be defined as an app that matches the name/identifier and code requirements.

PPPC-Utility does not support Notification Settings payloads.
https://developer.apple.com/documentation/devicemanagement/notifications/notificationsettingsitem

Notification Settings payloads are now available on macOS Catalina .
Please add support for Notification Settings payloads.

PPPC has been working fine for me until the latest Jamf Pro release 10.23, now Check Connection at Upload just doesn't do anything for me. Anyone having this problem too? Thanks.

PPPC Version 1.2.0 (1.2.0-t1588162790)
Jamf Pro 10.23.0-t1595614145

After downloading latest release [https://github.com/jamf/PPPC-Utility/releases/download/1.2.1/PPPC-Utility.zip] and extracting it from the archive, the application is still version 1.2.0, not 1.2.1.

It would be great if I could import an existing unsigned mobileconfig profile that has TCC settings, add stuff and save/upload the new profile.

My company is trying to deploy the AccessData agent and it requires full disk access to function as expected, so I'd like to deploy a config profile allowing this via Jamf. After installing the agent on a VM and running the PPPC Utility from there, I am unable to add the adagent application to the Applications section in the PPPC Utility. When I use the drag/drop method, the Applications sidebar lights up with the green outline as if it's going to complete the add, but when I release the app, nothing is added. Similarly, using the + button and manually navigating to the app through the file system doesn't work either. I can select the adagent app, but after clicking Open, nothing is in the Applications sidebar.

Thoughts?

Does this tool support Single Sign-On?

In the PPPC utility, the function to allow access to the microphone and camera are missing. The other items appear to have allow or deny.

I used PPPC utility to generate profile with payload of PayloadType : com.apple.TCC.configuration-profile-policy.

However top level profile PayloadType was also set to com.apple.TCC.configuration-profile-policy.

That's incorrect. Apple docs say:

PayloadType - String - The only supported value is Configuration.

I was not able to upload this profile to SimpleMDM until I fixed it.

Made a profile using PPPC to allow jamfagent to access Admin files but still getting the GUI warning for a DSCL call

I was just testing the app and I noticed that when I choose the save option and try to sign the profile I do not get the keychain prompt to unlock for signing. I am getting the prompt when trying to sign and upload the profile.

Thanks
Allen

Implement drag and drop when multiple apps are selected.