SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.
Apache License 2.0

Guide to implement this #45

Closed gbica-hzo closed 1 year ago

gbica-hzo commented 2 years ago

I deployed the application through SimpleMDM, no custom plist file.

- Set up a standard user
- Logged in as the user
- Launched Privileges
- Requested permissions

Nothing happens. What do I need to configure it to work?

MLBZ521 commented 2 years ago

Have you read the Wiki?

gbica-hzo commented 2 years ago

Yes, I read the Wiki. The only difference is I am deploying the app via MDM, and the said user is already a standard user. Do I need to make the user admin first before the account is usable? That's not in Wiki if that's the case.

gbica-hzo commented 2 years ago

In the Wiki, during install:

- Step 1 does not invoke because the app is deployed via MDM/Munki and the logged-on user is not admin.
- Step 4, "Launch Privileges.app and click the Remove Privileges button": this does not trigger because the logged-on user is not admin.
- Step 5: the Helper Tool prompt is not invoked.

grahampugh commented 2 years ago

There is no need for the user to be admin before installing Privileges. Munki should be installing the app as root, so the user does not need to be admin. I use Jamf, but the process is the same, and I have no problems with this.

gbica-hzo commented 2 years ago

@grahampugh Have you had to complete step 5 manually? For some reason the app is not working, even though it's dead simple to install and run. Could it be the Helper Tool is not installed?

rougegoat commented 2 years ago

How are you building the installer? There is an AutoPkgr recipe that you should probably use to ensure everything works. Here is a writeup on how to use that.

I believe the developers are not planning to make a ready to go installer since that recipe is available.

MLBZ521 commented 2 years ago

@gbica-hzo What @rougegoat said is what I was going to respond with.

Are you deploying Privileges.app that you downloaded from the releases on GitHub? If so, that is not sufficient enough to make it work. You could easily do this without AutoPkg, but that's just the "easy" way (assuming you have AutoPkg set up). You could also take the [pre|post]install scripts from the AutoPkg recipes and create a .pkg by hand (e.g. using munkipkg or similar).

The process described in the Wiki Installation page expects the current user to be an Admin. If it is not, then Privileges.app cannot be installed that way. So, you'll need to use another method (like the one mentioned above) to install Privileges.app.

gbica-hzo commented 2 years ago

@MLBZ521 and @rougegoat

SimpleMDM has Privileges in their own Munki instance. I selected it for deployment and it is installed on the targeted group.

SimpleMDM-Privileges-Munki

Here is what I think is the plist for the helper app.

SimpleMDM-Privileges-Munki-Helper

rougegoat commented 2 years ago

Sounds like an issue with how SimpleMDM is packaging this rather than with the app itself.

MLBZ521 commented 2 years ago

Can you confirm on a Mac that is not working that the following files exist?

Also ensure that the LaunchDaemon is running.

gbica-hzo commented 2 years ago

I can confirm the files exist in both locations.

launchctl print system/corp.sap.privileges.helper command shows state = not running.

MLBZ521 commented 2 years ago

Are there any extended attributes associated with these files?

gbica-hzo commented 2 years ago

xattr /Library/PrivilegedHelperTools/corp.sap.privileges.helper shows "com.apple.quarantine" (EDITED)

xattr /Library/LaunchDaemons/corp.sap.privileges.helper.plist is empty

EDIT1: update, looks like that attribute is when the app is installed and not run yet. I uninstalled it and re-installed for testing. Once I ran the app it removed the quarantine flag

EDIT2: Getting errors when removing privileges

Remote-Support-LMUNC-FVFZC4YSL410-20220808144824

Remote-Support-LMUNC-FVFZC4YSL410-20220808144837

MLBZ521 commented 2 years ago

Yeah, that quarantine bit will be a problem. So progress has been made, that's good.

You'll need to review the logs to figure out what is going on now. See the FAQ for accessing logging.
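
The checks requested in this thread (both files present, no `com.apple.quarantine` attribute, LaunchDaemon state) can be collected in one pass. This is an added example, not part of the thread or the Privileges project; the paths and the launchd label are the ones quoted above, while the function names and the `check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage of the Privileges helper install discussed in this thread.
# Paths and the launchd label are the ones quoted in the thread.
HELPER=/Library/PrivilegedHelperTools/corp.sap.privileges.helper
PLIST=/Library/LaunchDaemons/corp.sap.privileges.helper.plist
LABEL=system/corp.sap.privileges.helper

# Read `launchctl print` output on stdin and emit the value of its first
# "state = ..." line. Emits "unknown" when no such line exists
# (for example, when the service is not loaded at all).
parse_state() {
    state=$(sed -n 's/^[[:space:]]*state = \(.*\)$/\1/p' | head -n 1)
    printf '%s\n' "${state:-unknown}"
}

# Read `xattr <file>` output (one attribute name per line) on stdin and
# succeed only if the quarantine attribute is listed exactly.
has_quarantine() {
    grep -qxF 'com.apple.quarantine'
}

# Live check: report each file as MISSING, QUARANTINED or OK, then print the
# launchd state. Returns non-zero if any file is missing or quarantined.
check_install() {
    rc=0
    for f in "$HELPER" "$PLIST"; do
        if [ ! -e "$f" ]; then
            echo "MISSING     $f"; rc=1; continue
        fi
        if xattr "$f" 2>/dev/null | has_quarantine; then
            echo "QUARANTINED $f"; rc=1
        else
            echo "OK          $f"
        fi
    done
    echo "launchd state: $(launchctl print "$LABEL" 2>/dev/null | parse_state)"
    return $rc
}

# Run the live check only when asked: pass "check" as the first argument.
if [ "${1:-}" = "check" ]; then
    check_install
fi
```
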