Overview
In macOS Big Sur, Apple changed who can control Privacy Preferences Policy Control (PPPC) settings. As of macOS Big Sur, Standard Users are no longer able to approve applications requesting access to `Screen Recording` or `Listen Events`.
In order to allow Standard Users to approve these controls without converting the account to an Admin User, a PPPC MDM Configuration needs to be applied to macOS 11 Big Sur devices to allow Standard User Approval.
Requirements
- macOS Big Sur 11
- User Approved MDM
Configuring the PPPC Profile for Standard Users
To configure a PPPC Profile that allows Standard Users to approve these requests, set the following fields:
- Navigate to `Policies > Catalog > MDM Configurations > Privacy Preferences Policy Control`
- Identify the fields `Access to Listen Events` and `Ability to Screen Capture`
- Add the `Identifier` and `Code Requirement` and set `Allowed` to `Allows Standard User To Set System Service`.
Below we have also provided the Identifier and Code Requirement for ScreenConnect.
Identifier:
com.screenconnect.client.access
Code Requirement:
identifier "com.screenconnect.client.access" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = K8M3XDZV9Y
If you would like the Identifier and Code Requirement for a different application, please follow the KB below to find that information.
Creating and Deploying a PPPC Payload
Example
In the example below, we allow Standard Users to approve the Screen Recording control on their macOS 11 Big Sur device.
System Preferences Behavior
Once this Configuration is applied to a device, Standard Users will have the ability to approve the applications that have been approved using these MDM Configurations.
Example
In the example below, a ConnectWise Control payload was deployed to the device, allowing the user to approve Screen Recording only for this specific application.