Jump to content

Possible to deploy privacy & security settings through Profiles?


Recommended Posts

Many apps on macOS require an admin user to allow certain privacy & security settings, e.g. Teams needs Accessibility access and screen recording rights.

Is there a way to deploy these settings through profiles or maybe even elevate a normal user to grant specific rights?

(Another example: I can't pause/unpause a printer from the print center because this requires admin privileges)

Link to comment
Share on other sites

  • Moderators

TCC/PPPC rights, as they are known, are managed with Security & Privacy profiles.  There are two different Security & Privacy Profile types (Apple used to have this all in one profile and then they split out TCC from the rest):

 

There are two profiles in our example TeamViewer recipe which offers two approaches to options which you may find useful, since there will be some similarity:

https://kb.filewave.com/books/teamviewer/page/teamviewer-macos-client-setup

Apple never made this easy, when it comes to identifying what is required:

https://kb.filewave.com/books/profiles-apple/page/macos-privacy-preferences-payload-in-mojave-1014

But you may well find examples on the Web specifically for Teams.  Many major vendors supply the necessary details to configure these settings.

 

Printer settings are different.  This is standard admin permissions and staff users do not have the ability to manage many print features by default.  However, you can add users to additional groups.  Something like:

/usr/sbin/dseditgroup -o edit -n /Local/Default -a staff -t group lpadmin

 

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...