Welcome to our community!

Sign macOS app

Avatar
Alex Hart
  • updated
  • Completed

In order to deploy macOS privacy preferences policy via MDM/DEP, the macOS app in Mojave that needs exceptions must be signed. Otherwise, a user has to create exceptions to allow remote control via ConnectWise Control, which isn't ideal. I don't want to have to sign your app to get the payload pushed out to create the exceptions from our management software. If you signed your apps like other developers, this would be much easier for all users, like those of the Addigy and JAMF communities. 

Duplicates 1
Please Implement code signing for MAC OS PKG installers.

This has been an issue for some time and it is getting worse with the latest release of MACOS Mojave. https://control.product.connectwise.com/communities/6/topics/1974-complicated-process-required-to-control-macos-1014-mojave-clients


Security requirements are increasing and there may come a point where we cannot use ScreenConnect to manage/support Macs. If that happens, it will force us to abandon Screenconnect for managing Macs which means less revenue for you.  Since you have a cert in use for the windows EXE, why not sign the PKG files for Macs with the same cert?  Can someone in business development review this and get an internal count of how many hundreds or thousands or tens of thousands of machines are currently under Control?  It's likely a big impact.

Thanks for your time and consideration.

Replies 101
Avatar
0
Headbolt

Bad news people, this is now Broken again in Catalina, so upgrade with Caution.

There is a new "Screen Recording" Section in PPPC now that ScreenConnect needs to also be added to, but there is no tool or guidance on how to create a Profile to do it at present.


The addition of this Section also breaks 3rd Party Docks by the way, so if you have one, manually add your Dock software to the new section, or hold off the upgrade until any tools are updated to suit.

Avatar
-1
Howie Isaacks

I'm going to push to remove this crapware from every Mac that we manage. ConnectWise does not care about the user experience on Macs. If they did they would stay on top of this. They would also create an agent that doesn't activate the discrete GPU on MacBook Pros. That issue has been going on for over 2 years. It's very clear that Apple users are not the priority at ConnectWise. 

Avatar
0
Caitlin M Barnes Team Member

We are currently working on the necessary notaries and signing for Catalina's public release in mid-September. 

Avatar
0
Headbolt
Quote from Howie Isaacks

I'm going to push to remove this crapware from every Mac that we manage. ConnectWise does not care about the user experience on Macs. If they did they would stay on top of this. They would also create an agent that doesn't activate the discrete GPU on MacBook Pros. That issue has been going on for over 2 years. It's very clear that Apple users are not the priority at ConnectWise. 

I posted this as an FYI and warning, it's not connectwise's fault.


Be fair Howie, this security change was unannounced and only appeared in Catalina Beta 6 and that was only released 10 days ago, there is no remote control software on the market that is ready for this yet and I'd imagine 3rd party dock vendors are going nuts to get this fixed for release as well.

Naturally Apple docks and Apples own ARD are exempt from this, for all the good ARD does when devices are out of the office.


these unannounced features trip up everyone on every release, I'm sure Apple do it to nudge people into sticking to all Apple peripherals etc 


This update will break many things, and while there is a manual fix, Apple has provided no documentation on how to automate this for enterprises.

BTW if the manual route is ok for you, simply go to the PPPC system preference and tick screen connect or your dock app in the Screen Recording section.

Avatar
0
Alex Heylin

Any chance of getting ahead of this game in future so support is ready before the OS is released?

We don't control when our customers update - and Mac users seem to LOVE updating on release day.

Thanks

Avatar
0
Howie Isaacks
Quote from Headbolt

I posted this as an FYI and warning, it's not connectwise's fault.


Be fair Howie, this security change was unannounced and only appeared in Catalina Beta 6 and that was only released 10 days ago, there is no remote control software on the market that is ready for this yet and I'd imagine 3rd party dock vendors are going nuts to get this fixed for release as well.

Naturally Apple docks and Apples own ARD are exempt from this, for all the good ARD does when devices are out of the office.


these unannounced features trip up everyone on every release, I'm sure Apple do it to nudge people into sticking to all Apple peripherals etc 


This update will break many things, and while there is a manual fix, Apple has provided no documentation on how to automate this for enterprises.

BTW if the manual route is ok for you, simply go to the PPPC system preference and tick screen connect or your dock app in the Screen Recording section.

I am being fair. ConnectWise is marginalizing Mac users. Any GOOD developer would download and install macOS Catalina developer beta and begin working on making needed changes their software. It took ConnectWise MONTHS to give us a signed agent that could be whitelisted using a configuration profile. They have not bothered to do anything about how this software activates the discrete GPU which causes excessive battery drain. I can go a whole 8-10 hour day without plugging in my MacBook Pro to power but I couldn't do that if I had Screen Connect installed. I will not tell Apple to change their security settings because I support them 100%. Sure, it's annoying to have to whitelist some apps and processes, but that's my job. It's ConnectWise's job to produce a quality product. They. Have. Failed.

Avatar
0
Headbolt

Alex

Again, i posted this as a warning for Enterprise/Business people to NOT upgrade to Catalina yet, this is not something within ConnectWise's control and there is nothing for them to fix.

There is a simple Tickbox within Catalina to fix this issue, so Connectwise's software works just fine and as intended, this is a simple addition/extension to the "sandboxing" of any non Apple application that was introduced in Mojave, and like that introduction in Mojave, this one in Catalina was also not announced or documented, it simply appeared without warning in one of the last Beta's before final release, giving Administrators no time to react and no tools or information to react with.

The issue here is that the only Administrative or Enterprise mechanism available to push this setting out to MAC's en-masse has not been documented yet BY APPLE so we are unlikely to have the information on how to create config profiles to do this until after launch.

Bear in mind that the documentation for the Mojave changes came very late, and the only Apple Supplied tool to create proper config files these days (Apple Configurator) still hasnt been updated to deal with the Mojave additions. 

Avatar
0
Howie Isaacks

A lot of my users WILL upgrade to Catalina because they need to. They're developers. Also, what are we supposed to do with Macs that come preinstalled? Imaging on Mac is dead and a new Mac model will not boot up properly on an older macOS. ConnectWise had the opportunity to upgrade their software but it's obviously not important. I'm going to build the case to abandon Screen Connect for Macs. I have never liked this software anyway. It's poorly designed and it activated the discrete GPU in MacBook Pros which causes excessive battery drain. That alone makes this software bad for Mac users.

Avatar
-1
Howie Isaacks
Quote from Caitlin M Barnes

We are currently working on the necessary notaries and signing for Catalina's public release in mid-September. 

That's great. I'm not holding my breath waiting for it though. And what are you doing about the issue with Screen Connect activating the discrete GPU? That's not necessary. The Apple Remote Desktop agent doesn't do that and neither do other remote support agents. There is no need to do this. That issue has been open for over 2 years. This is Mac marginalization.

Avatar
0
Headbolt

OK, even worse news.


Finally got my hands on some apple documentation.

https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services

Sadly it seems the "Feature" actually dubbed "Screen Capture" at the backend, cannot be allowed by policy, you can only deny apps, even though everything is seemingly denied by default. So unless a U Turn is in the works, we can basically upgrade no further than Mojave.

Way to go Apple, will hopefully be the final nail we need to abandon MAC's entirely as the overpriced, overrated, and despite Apple's continued assurances and continued broken promises most definitely NOT Enterprise class products.



Top contributors
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar