Tag: pppc
-
Allowing Outset-run scripts to have access to user folders
Because of TCC/PPPC, which Apple introduced in macOS 10.14, scripts and applications have to ask for permissions to do certain things, especially things like reading user home directory files. If you have an Outset login script that tries to access something in the home directory, you may find in the ~/Library/Logs/outset.log that you get a…
-
Scripting SSH off/on without needing a PPPC/TCC profile
You used to be able to use /usr/sbin/systemsetup -f -setremotelogin off or /usr/sbin/systemsetup -f -setremotelogin on to script disabling or enabling SSH on macOS. Now that macOS has Privacy Preferences Policy Control, which needs a profile delivered by a user-approved MDM, you may get this error: setremotelogin: Turning Remote Login on or off requires Full…
-
Double-checking details of deployed PPPC/TCC profile from MDM
If you’ve deployed a PPPC/TCC profile from your user-approved MDM to a Mac, and you see the profile in System Preferences > Profiles, you can also verify all the details of the deployed profile on the Mac itself by going to /Library/Application Support/com.apple.TCC/MDMOverrides.plist (which is an SIP-protected directory, by the way).
-
TCC in Mojave doesn’t prevent deleting local folders for AD-bound Macs
Note: We’re currently using a setup of Force local home directory on startup disk for AD-bound Macs instead of Create mobile account at login or Use UNC path from Active Directory to derive network home location—so if you’re using either of those other options, your mileage may vary—definitely do some testing! This is also as…