Created
August 23, 2018 02:11
-
-
Save haircut/197f89ec5a07837b73f2e52dcf4c4172 to your computer and use it in GitHub Desktop.
Largely disable consent prompts in a Jamf environment.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>PayloadContent</key> | |
<array> | |
<dict> | |
<key>Services</key> | |
<dict> | |
<key>Accessibility</key> | |
<array> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.Terminal</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.Terminal" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Terminal to control applications via the Accessibility subsystem.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.jamf.management.Jamf</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.jamf.management.Jamf" and certificate leaf[subject.OU] = "483DWKW443" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Jamf.app to control applicationss via the Accessibility subsystem.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.loginwindow</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.loginwindow" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow loginwindow to control applicationss via the Accessibility subsystem.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.xpc.launchd</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.xpc.launchd" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow launchd to control applicationss via the Accessibility subsystem.</string> | |
</dict> | |
</array> | |
<key>PostEvent</key> | |
<array> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.Terminal</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.Terminal" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Terminal to use CoreGraphics APIs to send CGEvents to the system event stream.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.jamf.management.Jamf</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.jamf.management.Jamf" and certificate leaf[subject.OU] = "483DWKW443" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Jamf.app to use CoreGraphics APIs to send CGEvents to the system event stream.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.loginwindow</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.loginwindow" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow loginwindow to use CoreGraphics APIs to send CGEvents to the system event stream.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.xpc.launchd</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.xpc.launchd" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow launchd to use CoreGraphics APIs to send CGEvents to the system event stream.</string> | |
</dict> | |
</array> | |
<key>SystemPolicyAllFiles</key> | |
<array> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.Terminal</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.Terminal" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Terminal access to all protected filess.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.jamf.management.Jamf</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.jamf.management.Jamf" and certificate leaf[subject.OU] = "483DWKW443" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Jamf.app access to all protected files.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.loginwindow</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.loginwindow" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow loginwindow access to all protected files.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.xpc.launchd</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.xpc.launchd" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow launchd access to all protected files.</string> | |
</dict> | |
</array> | |
<key>SystemPolicySysAdminFiles</key> | |
<array> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.Terminal</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.Terminal" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Terminal access to some files used in system administration.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.jamf.management.Jamf</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.jamf.management.Jamf" and certificate leaf[subject.OU] = "483DWKW443" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow Jamf.app access to some files used in system administration.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.loginwindow</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.loginwindow" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow loginwindow access to some files used in system administration.</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.xpc.launchd</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.xpc.launchd" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>Allow launchd access to some files used in system administration.</string> | |
</dict> | |
</array> | |
<key>AppleEvents</key> | |
<array> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.Terminal</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.Terminal" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow Terminal to send a restricted AppleEvent to Safari.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.apple.Safari</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>identifier "com.apple.Safari" and anchor apple</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.jamf.management.Jamf</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.jamf.management.Jamf" and certificate leaf[subject.OU] = "483DWKW443" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow Jamf.app to send a restricted AppleEvent to Safari.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.apple.Safari</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>identifier "com.apple.Safari" and anchor apple</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.loginwindow</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.loginwindow" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow loginwindow to send a restricted AppleEvent to Safari.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.apple.Safari</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>identifier "com.apple.Safari" and anchor apple</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.xpc.launchd</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.xpc.launchd" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow launchd to send a restricted AppleEvent to Safari.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.apple.Safari</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>identifier "com.apple.Safari" and anchor apple</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.jamf.management.Jamf</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.jamf.management.Jamf" and certificate leaf[subject.OU] = "483DWKW443" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow Jamf.app to send a restricted AppleEvent to Self Service.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.jamfsoftware.selfservice.mac</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>anchor apple generic and identifier "com.jamfsoftware.selfservice.mac"</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.Terminal</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.Terminal" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow Terminal to send a restricted AppleEvent to Self Service.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.jamfsoftware.selfservice.mac</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>anchor apple generic and identifier "com.jamfsoftware.selfservice.mac"</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.loginwindow</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.loginwindow" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow loginwindow to send a restricted AppleEvent to Self Service.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.jamfsoftware.selfservice.mac</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>anchor apple generic and identifier "com.jamfsoftware.selfservice.mac"</string> | |
</dict> | |
<dict> | |
<key>Identifier</key> | |
<string>com.apple.xpc.launchd</string> | |
<key>IdentifierType</key> | |
<string>bundleID</string> | |
<key>CodeRequirement</key> | |
<string>identifier "com.apple.xpc.launchd" and anchor apple</string> | |
<key>Allowed</key> | |
<true/> | |
<key>Comment</key> | |
<string>**EXAMPLE** Allow launchd to send a restricted AppleEvent to Self Service.</string> | |
<key>AEReceiverIdentifier</key> | |
<string>com.jamfsoftware.selfservice.mac</string> | |
<key>AEReceiverIdentifierType</key> | |
<string>bundleID</string> | |
<key>AEReceiverCodeRequirement</key> | |
<string>anchor apple generic and identifier "com.jamfsoftware.selfservice.mac"</string> | |
</dict> | |
</array> | |
</dict> | |
<key>PayloadDescription</key> | |
<string>Largely disable consent prompts in a Jamf environment.</string> | |
<key>PayloadDisplayName</key> | |
<string>TCC Testing Privacy Policy</string> | |
<key>PayloadIdentifier</key> | |
<string>test.mdm.tcc.SystemPolicySysAdminFiles.1</string> | |
<key>PayloadOrganization</key> | |
<string>Org</string> | |
<key>PayloadType</key> | |
<string>com.apple.TCC.configuration-profile-policy</string> | |
<key>PayloadUUID</key> | |
<string>0D4540F5-35EC-45B8-9F11-46F6CA7721ED</string> | |
<key>PayloadVersion</key> | |
<integer>1</integer> | |
</dict> | |
</array> | |
<key>PayloadDescription</key> | |
<string>Largely disable consent prompts in a Jamf environment.</string> | |
<key>PayloadDisplayName</key> | |
<string>TCC Testing Privacy Policy</string> | |
<key>PayloadIdentifier</key> | |
<string>test.mdm.tcc.SystemPolicySysAdminFiles</string> | |
<key>PayloadOrganization</key> | |
<string>Org</string> | |
<key>PayloadScope</key> | |
<string>system</string> | |
<key>PayloadType</key> | |
<string>Configuration</string> | |
<key>PayloadUUID</key> | |
<string>963857BE-CDFF-4ED5-95CD-08FE187E1365</string> | |
<key>PayloadVersion</key> | |
<integer>1</integer> | |
</dict> | |
</plist> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment