Jamf Deployment
      Back to home
      1. Knowledge Base
      2. Jamf Deployment

      Grant Full Disk Access Using PPPC Utility and Jamf Pro

      A Step-by-Step Guide to Automating Privacy Preferences

      Introduction

      This guide provides instructions for using the PPPC Utility and Jamf Pro to automate granting Full Disk Access and other permissions to macOS applications. Please follow these steps to ensure the necessary privacy preferences across managed devices are deployed.

      Steps to Grant Full Disk Access Using PPPC Utility

      1. Download and Install the PPPC Utility

      2. Create a Configuration Profile

        • Launch the PPPC Utility.
        • Add the application requiring Full Disk Access
        • Set the necessary permissions:
          • For Full Disk Access, you need to utilize the All files property and set the Access level to Allow.
        • Save the configuration profile locally, signed or unsigned, based on your requirements.

      2. Upload the Profile to Jamf Pro

        • Log in to your Jamf Pro console.
        • Navigate to Computers > Configuration Profiles.
        • Click on + New to create a new configuration profile.
        • Upload the configuration profile you created with the PPPC Utility.
        • Assign the profile to the appropriate target devices or groups.

      3. Deploy the Profile

        • The profile will grant the specified Full Disk Access permissions to the application.

      Important Considerations

      • System Preferences Reflection:
        Some PPPC settings applied via MDM or configuration profiles may not visibly appear in System Preferences > Security & Privacy.
        To verify if the settings are active:

        • Check the Profiles pane in System Preferences.

      • Restart Requirement:
        After deploying the profile, a system restart or user log-out/in may be necessary for the changes to take effect.

      Conclusion

      Using the PPPC Utility with Jamf Pro simplifies granting macOS applications Full Disk Access. Please follow these steps to complete the configuration and ensure compliance across all managed devices.

      FAQs

      Q: Can unsigned configuration profiles be uploaded to Jamf Pro?
      A: Unsigned profiles can be uploaded, but signed profiles ensure greater security and integrity during deployment.

      Q: How can I confirm that the permissions are applied correctly?
      A: Check the Profiles pane in System Preferences.

      Q: What should I do if the profile doesn’t work as expected?
      A: Verify the accuracy of the application identifier and path in the PPPC Utility. Restart the system or log out/in to apply changes.