Skip to end of metadata
Go to start of metadata



This guide can be used to force a macOS computer to allow the FileWave client's observe process rights to accessibility with out user intervention. It can only be used on applications that meet the requirements.

Requirements to work:

You can follow the guide or feel free to use the attached Filesets. 

For Servers on 13.0.X and older 

FileWave Accessibility Access .mobileconfig.zip

For 13.1 and newer 

Profile - FileWave Observe Accessibility Access .fileset.zip

Step-by-step guide

You will need a few pieces of information to do this:

Either the application path OR Bundle ID for the profile, but you will need the path to figure out the Bundle ID.

  1. App Path:
    1. Install and then launch the application so that it prompts for privacy access
    2. Open System Preferences → Security & Privacy → Privacy Tab (Figure 1.1)
    3. Unlock on the bottom left corner
    4. Right-Click the application in the list and choose 'Show in Finder'  

      'Observe Client' path is:

      /usr/local/sbin/filewave-vnc-server
  2. Bundle ID:
    1. Install and then launch the application so that it prompts for privacy access
    2. Open System Preferences → Security & Privacy → Privacy Tab (Figure 1.1)
    3. Unlock on the bottom left corner
    4. Right-click the application in the list and choose 'Show in Finder' 
    5. Right-click the application and choose 'Show Package Contents' (Figure 2.1)
    6. Browse to the 'Contents' folder then open the 'Info.plist' file in a text editor
    7. Look for 'CFBundleIdentifier'  (Figure 2.2)

      'Observe Client' Bundle ID is:

      com.filewave.filewave-vnc-server

Code Requirement:

  1. Knowing the path run the following command:

    sudo codesign --display -r - /path/to/app
  2. The output will look something like this: 

    $ sudo codesign --display -r - /usr/local/sbin/filewave-vnc-server 
    Password:
    Executable=/usr/local/sbin/filewave-vnc-server
    designated => identifier "com.filewave.filewave-vnc-server" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "83S2TRZ3CS"
  3. This is the information you will need for the profile: 

    From the above example output we can see the observer client only needs:

    identifier "com.filewave.filewave-vnc-server" and anchor apple generic

Creating the Fileset:

  1. From FileWave Admin → filesets → New desktop/mobile Fileset → Profiles
  2. Give it a name like "Allow FileWave client Observe"
  3. Find the 'Security & Privacy' payload on the left → Click "configure" →  select the 'Privacy' tab
  4. Hit the [ + ] to create a new consent
  5. For 'App path' or 'Bundle ID', input the values from earlier
  6. Click '+' to add a new macOS service to the list and specify the settings for each additional service.
    1. Accessibility
    2. Post System Events
  7. For 'Code Requirement' fill in the identifier information from from the "codesign" command
  8. It should look something like Figure 3.1
  9. Hit 'OK' to apply the privacy options
  10. Deploy to a test computer and verify in the privacy options of system preferences



Figure 1.1 - Security & Privacy Preferences




Figure 2.1 - Open info.plist for Bundle ID

Figure 2.2 - Find Bundle ID






Figure 3.1 - Profile