Welcome to our community!

Sign macOS app

Alex Hart

7 years ago
updated 9 months ago
Completed

In order to deploy macOS privacy preferences policy via MDM/DEP, the macOS app in Mojave that needs exceptions must be signed. Otherwise, a user has to create exceptions to allow remote control via ConnectWise Control, which isn't ideal. I don't want to have to sign your app to get the payload pushed out to create the exceptions from our management software. If you signed your apps like other developers, this would be much easier for all users, like those of the Addigy and JAMF communities.

Duplicates 1

Please Implement code signing for MAC OS PKG installers.

Darrin Erickson

This has been an issue for some time and it is getting worse with the latest release of MACOS Mojave. https://control.product.connectwise.com/communities/6/topics/1974-complicated-process-required-to-control-macos-1014-mojave-clients

Security requirements are increasing and there may come a point where we cannot use ScreenConnect to manage/support Macs. If that happens, it will force us to abandon Screenconnect for managing Macs which means less revenue for you. Since you have a cert in use for the windows EXE, why not sign the PKG files for Macs with the same cert? Can someone in business development review this and get an internal count of how many hundreds or thousands or tens of thousands of machines are currently under Control? It's likely a big impact.

Thanks for your time and consideration.

Replies 101

Newest first
Newest first Oldest first

John Case

3 years ago

Can someone from ConnectWsie please give us an update on this feature request? It has been 3 years since requested.

Reply Link

Tom R

5 years ago

Oh sorry the pkg. Correct. Still though most MDMs should handle that. I know JAMF does.

Reply Link

Ryan Morash

5 years ago

Quote from Tom R

The current version should be signed. At least it is for us. Also if you deploy through MDM siding should not be a factor (depending on the MDM) as most install software as root which is not affected by Gatekeeper requirements.

Might you be getting hit by PPPC settings that need to be whitelisted? Accessibility or Screen Recording?

The access agent installer is not signed, the agent itself is. Our MDM documentation states that apps must be signed. I just ended up signing and notarizing it from my personal developer account.

Reply Link

Tom R

5 years ago

Might you be getting hit by PPPC settings that need to be whitelisted? Accessibility or Screen Recording?

Reply Link

AMcCabe

5 years ago

Quote from Ryan Morash

We are trying to deploy the ScreenConnect Access agent to our Macs through our MDM but are unable to do so as the pkg is not signed or notarized. Are there any plans to solve this?

I'm not aware of any plans to sign/notarize the pkg at the moment, but a workaround would be to first deploy the support guest client, and then from the Support tab select all sessions and Install Access (though this is assuming that your license allows support sessions)

Reply Link

Ryan Morash

5 years ago

We are trying to deploy the ScreenConnect Access agent to our Macs through our MDM but are unable to do so as the pkg is not signed or notarized. Are there any plans to solve this?

Reply Link

-1

Howie Isaacks

6 years ago

I'm going to push to remove Screen Connect from all of our managed Macs. This is not the first time the ConnectWise has failed to deliver a quality product on the Mac. I asked over 2 years ago when or if you would create a native client for ConnectWise on the Mac so I could stop using the web client. I was told that one was coming. Obviously that wasn't true because I'm still waiting. We need a quality remote support agent, and Screen Connect isn't it. You can tell us not to upgrade to Catalina, but that's a very ignorant suggestion. New Macs will come preinstalled with it, and they will not boot properly from an older version of macOS, if at all. Using the excuse that you're at the mercy of Apple is lame. You have had macOS Catalina since it was released to developers in June. Your top priority should have been to make Screen Connect work. And one more thing... I don't appreciate that I have to reissue my configuration profile whitelisting Screen Connect every time there's an update for it. Why?

Reply Link

Caitlin M Barnes Team Member

6 years ago

Quote from ASimm

Hello @Catalina, there is not way to automate the approval of the PPPC Screen Recording option on macs with macOS 10.15 installed. ConnectWise ScreenConnect prompts for this to be approved after installation. On managed devices with macOS 10.15 installed it doesn't look like this installation can be completed without manual intervention, which isn't realistic when managing devices at multiple locations.

Hi ASimm,

Unfortunately, we're at the mercy of Apple and their security decisions. We've done what we can do smooth the process of remotely connecting to Macs, and will continue to look for ways to improve this process as later Catalina versions come out. However, as with Mojave, it is required that some manual intervention take place on the end users machine. However, some users have reported that with Apple MDM you can setup/deploy your own privacy policy that whitelists the application, which allows you to remotely approve the use of CW Control without any enduser intervention on the first connection. There is some discussion of that in the thread above.

Best,

Caitlin

Reply Link