TeamViewer: macOS Client Setup
What
FileWave's TeamViewer integration requires endpoint prerequisites on each supported platform. In future versions, we may embed some of these prerequisites, but at this time, we erred on the side of letting you control the elements. So, slightly more work but much greater control.
When/Why
TeamViewer is used to remotely control your clients. You can use TeamViewer when you need access to a device for troubleshooting or assisting a user. TeamViewer for macOS differs from other OSs because it requires a few privacy permissions before allowing TeamViewer to be installed.
How
We'll need to meet prerequisites for macOS client devices in order for TeamViewer to work seamlessly.
We'll need the:
-
Server and Clients have to be FileWave 14.7+
-
General TeamViewer Prerequisites are met, ensuring that clients are set to allow remote control
-
TCC Profile for TeamViewer Host - Accessibility and Full Admin Access
The below describes installing the TeamViewer Host application. The full TeamViewer application is only necessary for computers wanting to remote into other computers. The Host application is only allowed to accept connections and not initiate them. You can use both, but we highly recommend the Host application.
(During an attempt to prompt a device for control, users will be prompted to either install or launch a local copy of Teamviewer. Only the TeamViewer Host version can be launched if pre-installed.)
FileWave Client (14.7+)
Remember to always use the client updater Fileset to update your clients. Do NOT push the FileWave client PKG to upgrade macOS clients.
The most recent FileWave client is always included on the FileWave download pages, which you can find here: Downloads
TCC Profile for TeamViewer Host - AccessibilityAccessibility, Screen Recording and Full Admin Access
BothScreen profilesSharing is a service deemed by Apple as user privacy. Hence, users must locally enable Screen Sharing on macOS.
The profile enables 2 of the 3 permissions TeamViewer Host requires. The 3rd, Screen Recording, is a privacy setting that can not be allowed by anyone other than a local user. Standard Users do not have permissions to allow Screen Recording by default. This option to allow a non-Admin to enable Screen Sharing is available in one ofenabled the provided Profiles.Profile.
Screen
Profile SharingDownload is(macOS a11+): service deemed by Apple as user privacy. Hence, users must locally enable Screen Sharing on macOS.TeamViewerHost15AllowUser.mobileconfig
OnceThe allowed, if left enabled, subsequent TeamViewer sessions to that device my be actioned, without user prompting.
Both Profiles have the following settings:
However, one of them allows Screen Recording to be enabled by a non-Admin user:
Each profileProfile contains two payloads: Privacy Settings & Custom Settings
Privacy Settings
The following Security & Privacy settings are allowed/enabled in the provided Profile.
Permissions to allow TeamViewer access rights.
|
Custom Settings
Example additional configuration.
The included example settings include:
- Security_Adminrights -- Lock TeamViewer options for Administrator rights
- Security_PasswordStrength -- Password disabled, ensuring access is only via FileWave
TeamViewer Host Fileset
The included Filesets are examples which utiliseutilize a settings file set to instalinstall the software silently.
Choose an embedded TeamViewer Fileset:Fileset
TeamViewer Host Install macOS 15.52.3.fileset.zip
|
Consider downloading the latest version of TeamViewer Host PKG from the TeamViewer website, if desired:
After downloading, replace the current 'Install TeamViewerHost.pkg' with the downloaded version, ensuring the name of the PKG installer matches.
- 1. Rename download as: 'Install TeamViewerHost.PKG'
- 2. Double click current TeamViewer Fileset
- 3. Expand: '/usr/local/etc/TeamViewer'
- 4. Replace PKG
Fileset Contents:
Installer and Installer Options:
The choices.xml file is configured to instal the .pkg silently.
Requirement Script:
Where software is already installed and services are active, Privacy Settings Profiles installed subsequently require the service of that software to be restarted. This Fileset example includes a Requirement Script that checks for profile installation before activating TeamViewer, preventing the need to restart the TeamViewer Host service.
#!/bin/zsh
found_profile="ml1063.local.5a57bcb9-7293-4cba-a20b-126eb2660b25.Configuration.5a57bcb9-7293-4cba-a20b-126eb2660b25"
while [ $# -gt 0 ]
do
found_profile=$(profiles list all | awk -v search=$1 '$0 ~ search {print $NF}')
if [ ! -z $found_profile ]
then
echo "Found installed profile: $found_profile"
exit 0
else
echo "Did not find $1"
fi
shift
done
exit 1The 'check_tv_profile.sh' script is designed to recognise one ofrecognize the twoprovided provided ProfilesProfile and, once installed, allow activation of the Fileset. If Profiles with a different Profile ID are used instead of thosethe one supplied, the script settings will require alteration.
- Double click the Fileset
- Select the 'check_tv_profile.sh' (located in a numbered subfolder in /var/scripts/)
ChooseSelectGet'EditInfoText'- Replace
Executabletheview'found_profile' variable with the ID of your Profile (ID can be found by double-clicking on the profile. The ID is at the bottom if the info window) - Save
The Launch Arguments show the two possible Payload IDs. Add in your own Profile ID if not using the provided ones.
The two profiles may be uploaded simultaneously. The Fileset Requirement Script is able to identify either profile.
Activation Script:
The script in this case is installing the PKG. Note the script allows the specifying of the 'choices.xml' file when ran.
#!/bin/zsh
installer -applyChoiceChangesXML /usr/local/etc/TeamViewer/choices.xml -pkg "/usr/local/etc/TeamViewer/Install TeamViewerHost.pkg" -target /
exit 0Post-Uninstallation Script:
the 'mac_teamviewer_uninstaller.sh' script uninstalls TeamViewer if an association or deployment no longer exists.