Manually Creating a Configuration Profile to Grant Privacy Permissions for TeamViewer

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0
  1. In Jamf Pro, click Computers in the sidebar.
  2. Click Configuration Profiles in the sidebar.
  3. Click New.
  4. Use the General payload to configure basic settings.
  5. Configure the Privacy Preferences Policy Control payload:
    1. In the Identifier field, enter com.teamviewer.TeamViewerQS.
    2. From the Identifier type pop-up menu, choose Bundle ID.

      The procedure includes TeamViewer QuickSupport as the application for remote administration. Use the following identifiers and code requirements for the respective TeamViewer applications:

      TeamViewer QuickSupport

      Identifier: com.teamviewer.TeamViewerQS

      anchor apple generic and identifier "com.teamviewer.TeamViewerQS" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)
      TeamViewer Full normal/TeamViewer Full start as service

      Identifier: com.teamviewer.TeamViewer

      anchor apple generic and identifier "com.teamviewer.TeamViewer" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)
      TeamViewer Host

      Identifier: com.teamviewer.TeamViewerHost

      anchor apple generic and identifier "com.teamviewer.TeamViewerHost" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)
    3. In the App or Service table, add the following:

      • Accessibility with the value Allow—This will grant the Accessibility permission.

      • SystemPolicyAllFiles with the value Allow—This will grant the Full Disk Access permission.

      • (Optional, computers with macOS 11 or later only) ScreenCapture with the value Allow Standard Users to Allow Access—This will grant the Screen Recording permission. Users without administrator privileges must decide if TeamViewer can share the screen.

      Important:

      Attempting to deploy the configuration profile with the ScreenCapture setting to computers with macOS 10.15.7 or earlier will cause the profile installation to fail.

  6. Click the Scope tab and configure the scope of the profile.
  7. (Optional) If you chose to make the profile available in Self Service, click the Self Service tab to configure Self Service settings for the profile.
  8. Click Save .

The profile is distributed to the deployment targets in the scope the next time they contact Jamf Pro.