Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added that this doesn't work on Catalina



This guide can be used to force a macOS computer to allow the FileWave client's observe process rights to accessibility with out user intervention. It can only be used on applications that meet the requirements.

Warning

Requirements to work:


You can follow the guide or feel free to use the attached Filesets. 

For Servers on 13.0.X and older 

View file
nameFileWave Accessibility Access .mobileconfig.zip
height250

For 13.1 and newer 

View file
nameProfile - FileWave Observe Accessibility Access .fileset.zip
height250

Step-by-step guide

You will need a few pieces of information to do this:

Either the application path OR Bundle ID for the profile, but you will need the path to figure out the Bundle ID.

  1. App Path:
    1. Install and then launch the application so that it prompts for privacy access
    2. Open System Preferences → Security & Privacy → Privacy Tab (Figure 1.1)
    3. Unlock on the bottom left corner
    4. Right-Click the application in the list and choose 'Show in Finder'  

      Info

      'Observe Client' path is:

      Code Block
      /usr/local/sbin/filewave-vnc-server



  2. Bundle ID:
    1. Install and then launch the application so that it prompts for privacy access
    2. Open System Preferences → Security & Privacy → Privacy Tab (Figure 1.1)
    3. Unlock on the bottom left corner
    4. Right-click the application in the list and choose 'Show in Finder' 
    5. Right-click the application and choose 'Show Package Contents' (Figure 2.1)
    6. Browse to the 'Contents' folder then open the 'Info.plist' file in a text editor
    7. Look for 'CFBundleIdentifier'  (Figure 2.2)

      Info

      'Observe Client' Bundle ID is:

      Code Block
      com.filewave.filewave-vnc-server



Code Requirement:

  1. Knowing the path run the following command:

    Code Block
    sudo codesign --display -r - /path/to/app


  2. The output will look something like this: 

    Code Block
    $ sudo codesign --display -r - /usr/local/sbin/filewave-vnc-server 
    Password:
    Executable=/usr/local/sbin/filewave-vnc-server
    designated => identifier "com.filewave.filewave-vnc-server" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "83S2TRZ3CS"


  3. This is the information you will need for the profile: 

    Info

    From the above example output we can see the observer client only needs:

    Code Block
    identifier "com.filewave.filewave-vnc-server" and anchor apple generic



Creating the Fileset:

  1. From FileWave Admin → filesets → New desktop/mobile Fileset → Profiles
  2. Give it a name like "Allow FileWave client Observe"
  3. Find the 'Security & Privacy' payload on the left → Click "configure" →  select the 'Privacy' tab
  4. Hit the [ + ] to create a new consent
  5. For 'App path' or 'Bundle ID', input the values from earlier
  6. Click '+' to add a new macOS service to the list and specify the settings for each additional service.
    1. Accessibility
    2. Post System Events
  7. For 'Code Requirement' fill in the identifier information from from the "codesign" command
  8. It should look something like Figure 3.1
  9. Hit 'OK' to apply the privacy options
  10. Deploy to a test computer and verify in the privacy options of system preferences




Figure 1.1 - Security & Privacy Preferences






Figure 2.1 - Open info.plist for Bundle ID


Figure 2.2 - Find Bundle ID








Figure 3.1 - Profile