Meraki

Community

3rd Party System Preferences Blocked

jm_peterson
Getting noticed
‎Aug 14 2018 7:16 AM
‎Aug 14 2018 7:16 AM

3rd Party System Preferences Blocked

Im trying to find away around all of our 3rd party extensions being blocked in System Preferences. It seems that no matter the configuration we choose, if we manipulate anything within System Preferences for a profile then any 3rd party item (Flash, mySql, Jabra, Java etc) are greyed out. These can all be used in other ways but the convenience of starting the programs from there is being voiced by our end users. Maybe there is something simple I am missing with this, but any help would be appreciated! 

Labels:
0 Kudos
8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 14 2018 1:03 PM
‎Aug 14 2018 1:03 PM

What platform are you referring to?  Android, iOS, MacOS, Windows?

0 Kudos
In response to PhilipDAth
jm_peterson
Getting noticed
‎Aug 14 2018 3:00 PM
‎Aug 14 2018 3:00 PM

My apologies for not clarifying. MacOS.

0 Kudos
In response to jm_peterson
jcapitan
Conversationalist
‎Sep 13 2018 7:54 AM
‎Sep 13 2018 7:54 AM

I am having this issue as well on MacOS.  Is there any solution for this?

0 Kudos
In response to jcapitan
jm_peterson
Getting noticed
‎Sep 13 2018 8:05 AM
‎Sep 13 2018 8:05 AM

 @jcapitan I ended up creating mobileconfig files for different roles, and removing system preference management from the profile. So I apply the other settings I need for each role and then adjust the settings in following mobileconfig for each role.

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadIdentifier</key>
    <string>com.yourorg.prefpanes</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>72F73F53-A5E6-48CE-AB73-27641F526EF7</string>
    <key>PayloadOrganization</key>
    <string>YOURCOMPANYNAME</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadDisplayName</key>
    <string>Preference Panes</string>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadType</key>
        <string>com.apple.systempreferences</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadIdentifier</key>
        <string>com.yourorg.profile.prefpanes</string>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadUUID</key>
        <string>d264dfc2-2b01-f0d0-24e2-9c98d6f3239b</string>
        <key>PayloadDisplayName</key>
        <string>Preference Panes</string>
        <key>EnabledPreferencePanes</key>
        <array>
          <string>com.apple.preferences.Bluetooth</string>
          <string>com.apple.preference.datetime</string>
          <string>com.apple.preference.desktopscreeneffect</string>
          <string>com.apple.preference.digihub.discs</string>
          <string>com.apple.preference.displays</string>
          <string>com.apple.preference.dock</string>
          <string>com.apple.preference.expose</string>
          <string>com.apple.preferences.extensions</string>
          <string>com.apple.preference.general</string>
          <string>com.apple.preference.ink</string>
          <string>com.apple.preference.keyboard</string>
          <string>com.apple.Localization</string>
          <string>com.apple.preference.mouse</string>
          <string>com.apple.preference.network</string>          
          <string>com.apple.preference.notifications</string>
          <string>com.apple.preferences.parentalcontrols</string>
          <string>com.apple.preferences.password</string>
          <string>com.apple.preference.printfax</string>
          <string>com.apple.preference.sound</string>
          <string>com.apple.preference.speech</string>
          <string>com.apple.preference.spotlight</string>
          <string>com.apple.preference.trackpad</string>
          <string>com.apple.preference.universalaccess</string>
          <string>com.apple.preferences.appstore</string>
          <string>com.apple.prefs.backup</string>
          <string>com.apple.preference.energysaver</string>
          <string>com.apple.preference.security</string>
          <string>com.apple.preferences.sharing</string> 
          <string>com.apple.preferences.softwareupdate</string>
          <string>com.apple.preference.startupdisk</string>
          <string>com.apple.preferences.internetaccounts</string>
          <string>com.apple.preferences.wallet</string>
          <string>com.apple.prefpanel.fibrechannel</string>   
          <string>com.apple.Xsan</string>          
          <string>com.gnnet.Jabra</string>
        </array>
        <key>DisabledPreferencePanes</key>
        <array>
          <string>com.apple.preferences.internetaccounts</string>
          <string>com.apple.preferences.configurationprofiles</string>
          <string>com.apple.preferences.icloud</string>
          <string>com.adobe.flashplayerpreferences</string>
          <string>com.oracle.java.JavaControlPanel</string>
        </array>
      </dict>
    </array>
  </dict>
</plist>

 The following article is helpful for getting the preference pane id for third party applications.
http://apetronix.com/find-pane-id-for-system-preferences-app/ 

0 Kudos
In response to jm_peterson
L4d1k
Here to help
‎Sep 11 2019 4:29 PM
‎Sep 11 2019 4:29 PM

Hi,

Thank you for the information.

Unfortunately it looks like meraki didn't fixed the problem for some time now since I have just discovered it to be a problem.

I have been creating mobileconfig files for other options that are not available on meraki but I don't want to be creating them for something that is listed as supported.

I am starting to think that meraki is dropping the ball and not supporting its customers.

Very unfortunate because if it continues like this I will be looking to switch to JAMF MDM solution next year.

 

0 Kudos
In response to L4d1k
jm_peterson
Getting noticed
‎Sep 12 2019 8:21 AM
‎Sep 12 2019 8:21 AM

@L4d1k While I have an ever-growing list of things I wish Meraki could do, this feature was silently implemented. If you enable the System Preferences Payload at the bottom you can list the Third Party System Preference Panes you wish to enable. You can use http://apetronix.com/find-pane-id-for-system-preferences-app/ to get the pane-ID for the apps you need to whitelist. Screen Shot 2019-09-12 at 10.18.06 AM.png

In response to jm_peterson
Noah_Salzman
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Sep 12 2019 9:37 AM
‎Sep 12 2019 9:37 AM

Sorry about the sneaky delivery of that feature. We are currently working with the Documentation team on a better system for announcing and documenting minor features/improvements. 

 

Noah Salzman

Product Manager for Meraki SM

sshort
Building a reputation
‎Sep 13 2018 2:40 PM
‎Sep 13 2018 2:40 PM

The template in Meraki acts as a whitelist, so anything 3rd party essentially gets blacklisted by default. You can use Profile Manager in the macOS Server app to specifically white or black list any prefs pane. My GitHub has an example profile I made in that tool that just blocks the Profiles prefs pane, thereby allowing anything else not explicitly blacklisted.

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.