Question about uploading TeamViewer Host to MacOS via MDM Intune
Hello, be there! | Cześć Wszystkim !
EN: I have a question and a request for help. I currently use the Intune MDM tool to deploy MacOS laptops and push the TeamViewer Host application on them for remote assistance in case of user issues. The problem is that I cannot create a custom configuration that will allow me to automatically select the option below without any intervention from the end user. Because asking the end user to do this i
PL:Mam pytanie i prośbę o pomoc. Obecnie używam narzędzia MDM Intune do wdrażania laptopów z MacOS i na nich mam wypychana aplikację TeamViewer Host do pomocy zdalnej w razie problemów użytkownika. Problem jest taki, że nie potrafię stworzyć konfiguracji niestandardowej, która pozwoli mi automatycznie bez ingerencji użytkownika końcowego zaznaczyć opcję jak poniżej. Ponieważ prośba użytkownika końcowego o wykonanie tej czynności jest problematyczna i wymaga podania hasła administratora komputera. Bardzo dziękuję za wasze podpowiedzi.
Answers
-
@RBPPHDeploy Apple unfortunately does not provide a way to give Screen Recording consent through MDM.
Screen Recording consent needs to be given manually on each Mac.Apple does provide a setting to let non-admin users give Screen Recording consent, so you can delegate this task to end users and enable them to give consent themselves. This can be done through the
ScreenCapture
Privacy Preferences Policy Control (PPPC) payload withAuthorization
set toAllowStandardUserToSetSystemService
.You can find an example on Apple's website:
Note that the example currently seems to have a copy & paste error: There are twoScreenCapture
sections in the example. You will only need one.0 -
@MoreCoffee Thanks for the tip. I tried to change one of the options you suggested, unfortunately I have an error when implementing this configuration, it looks like I have it built incorrectly. Can you tell me where my mistake is? The configuration looks like this
0 -
@RBPPHDeploy What error are you getting and where?
The code signing requirements and bundle identifier look ok. I'm not sure what "Allowed" and "Static Code" do to the resulting config. There seems to be a "minus" button to the right of those – are they removable?
0 -
It seems to have worked after I removed these options :) Many thanks for your help
0