Environment
- App Control Mac Agent: 8.7 and Higher
- VMware Workspace One
Objective
How to Add an Identifier Longer Than the WS1 UI String Limit for Mac Agent 8.7+
Resolution
- Edit the Profile and add a custom Payload
- In the Custom Settings menu, add the following XML
<dict> <key>Services</key> <dict> <key>SystemPolicyAllFiles</key> <array> <dict> <key>Identifier</key> <string>com.vmware.carbonblack.appc-es-loader.appc-es-extension</string> <key>IdentifierType</key> <string>bundleID</string> <key>CodeRequirement</key> <string>identifier "com.vmware.carbonblack.appc-es-loader.appc-es-extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"</string> <key>StaticCode</key> <false /> <key>Comment</key> <string></string> <key>Allowed</key> <true /> </dict> </array> </dict> <key>PayloadDisplayName</key> <string>PrivacyPreferences</string> <key>PayloadDescription</key> <string>PrivacyPreferencesSettings</string> <key>PayloadOrganization</key> <string></string> <key>PayloadType</key> <string>com.apple.TCC.configuration-profile-policy</string> <key>PayloadUUID</key> <string>d61f9f50-88ee-4139-a2e9-37b7d4f7ae71</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>1997a5db-ac7f-426a-a038-8c64c341cb4b.PrivacyPreferences</string> </dict> - Once applied, the XML sets the PrivacyPreferences payload as a Custom Setting
Additional Notes
- In the particular case of App Control 8.7 where System Extensions were introduced, The payload for having full disk access for appc-es-extension exceeds the allowed limit.
- The steps above, are an alternative way around applying the Policy Preferences payload, setting System Policy All Files to Allow, per the image below:
Thank you for your feedback.
Your feedback has been submitted and will be reviewed.