Welcome to our community!

Sign macOS app

Avatar
Alex Hart
  • updated
  • Completed

In order to deploy macOS privacy preferences policy via MDM/DEP, the macOS app in Mojave that needs exceptions must be signed. Otherwise, a user has to create exceptions to allow remote control via ConnectWise Control, which isn't ideal. I don't want to have to sign your app to get the payload pushed out to create the exceptions from our management software. If you signed your apps like other developers, this would be much easier for all users, like those of the Addigy and JAMF communities. 

Duplicates 1
Please Implement code signing for MAC OS PKG installers.

This has been an issue for some time and it is getting worse with the latest release of MACOS Mojave. https://control.product.connectwise.com/communities/6/topics/1974-complicated-process-required-to-control-macos-1014-mojave-clients


Security requirements are increasing and there may come a point where we cannot use ScreenConnect to manage/support Macs. If that happens, it will force us to abandon Screenconnect for managing Macs which means less revenue for you.  Since you have a cert in use for the windows EXE, why not sign the PKG files for Macs with the same cert?  Can someone in business development review this and get an internal count of how many hundreds or thousands or tens of thousands of machines are currently under Control?  It's likely a big impact.

Thanks for your time and consideration.

Replies 101
Avatar
2
anonymous
Quote from anonymous

@Headbolt: There is a new version of 6.9 available in the Canary channel in Control Cloud (6.9.21870.6964). This includes several fixes for macOS Mojave (including the signing of the access client) and is currently in testing.

!!!!NOTE: Versions in the Canary channel have not completed internal testing and are not appropriate for production environments!!!!

A new version of 6.9 will be available in the Preview channel once testing is complete. I will keep this thread updated with details.

This version (6.9.21870.6964) is now available in the Control Cloud Preview channel. Barring setbacks, this version should be able to be made stable next week.

Avatar
-1
Headbolt

Does this version include the signing fix? Do we have an idea what day it will be made stable ?

Avatar
1
Headbolt

Have a Free Cloud account that is seemingly on that version now, have tested with that and created a Config Profile to deal with the TCC issue.

Seems to work.

Will re-test when This release goes stable and we have updated our live install

Avatar
1
Headbolt

FYI for those that need it, here are the settings i use to allow the TCC/PPPC to work.

The Client ID does not seem to be an issue, so this should work for anyone on the new version.


I do mine in JAMF

APP

Identifier

com.screenconnect.client.access

Bundle ID

Code Requirement

identifier "com.screenconnect.client.access" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = K8M3XDZV9Y


APP or Service

Accessibility


AppleEvents

        Reciever Identifier

        com.apple.systemevents

        Bundle ID

        Reciever Code Requirements

        identifier "com.apple.systemevents" and anchor apple


Avatar
0
anonymous

UPDATE: There have been no major error reports received from Cloud Preview partners about 6.9.21870.6964. This pre-release is available to on-prem partners through the ConnectWise Control downloads page (https://www.connectwise.com/software/control/download). It will hopefully be upgraded to stable next week.

Avatar
0
Alex Hart
Quote from anonymous

UPDATE: There have been no major error reports received from Cloud Preview partners about 6.9.21870.6964. This pre-release is available to on-prem partners through the ConnectWise Control downloads page (https://www.connectwise.com/software/control/download). It will hopefully be upgraded to stable next week.

That page shows "there are no pre-release versions available at this time."

Avatar
0
anonymous
Quote from Alex Hart

That page shows "there are no pre-release versions available at this time."

Sorry, that page is still updating.  Try this one in the meantime: https://www.screenconnect.com/Download?result=5sdfss156d156sfsd156fsd156f

Avatar
0
Tom R

Any word on when this will got to stable and be available to cloud customers? I can sign my customized app and set the appropriate PPPC settings via my MDM which allows the app to launch but every time an update (and subsequent reinstall) of the app comes out this breaks the code signing and is very annoying.

Avatar
0
anonymous
Quote from Tom R

Any word on when this will got to stable and be available to cloud customers? I can sign my customized app and set the appropriate PPPC settings via my MDM which allows the app to launch but every time an update (and subsequent reinstall) of the app comes out this breaks the code signing and is very annoying.

Should be in the next few days. We are soliciting more feedback on the build from Cloud preview partners before we declare it stable. The more partners that participate in the preview channel, the faster we can graduate builds to stable.

Avatar
0
anonymous

v6.9.21870.6964 has been promoted to stable and is available for on-prem and cloud partners. This thread should remain open while documentation is being completed.



Top contributors
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar