After a some damage for running a blog and dedicating a few of my unfastened time to different leisure pursuits like three-D Printing, I suppose it’s about time to do some other weblog put up.
Because of Speaking Moose for answering a couple of query I had about this.
This time I’d like to take a look on the new TeamViewer integration in Jamf Professional 10.31. In view of warding off the put up to turn out to be too lengthy, I’ll break up it in to split put up:
- Elementary configuration of Jamf Professional 10.31 and TeamViewer (this put up)
- Deploying TeamViewer silently with Jamf Professional
It can be bizarre to transport the deployment of TeamViewer to a 2nd put up… as you’ll if truth be told want it to check what I’m going to speak about as of late, alternatively, as it wishes some further scripting I want to simply do the fundamentals now and set up TeamViewer manually on my goal check pc.
Don’t concern, whilst for now we’re going to put in TeamViewer manually, I’ll percentage and talk about the important scripting in my 2nd put up!
So for now, the fundamentals, let’s cross!
First issues first… the documentation: https://doctors.jamf.com/jamf-pro/administrator-guide/TeamViewer_Integration.html
Whilst I’d counsel to present it a excellent learn, let me spotlight a view vital pieces right here:
- From a firewall point of view port 5938 must be open inbound your goal gadgets
- “TeamViewer integration is web page explicit. This implies Jamf Professional permits you to upload one configuration in keeping with web page. If there are not any websites to your setting, you’ll be able to upload a TeamViewer configuration within the complete context of your Jamf Professional example.”
- You’ll desire a TeamViewer account with administrative privileges and Jamf Professional person account with Faraway Management privileges
- You’ll wish to create a script token for Jamf Professional configured in TeamViewer
- To ship Self Carrier notifications, you should configure them within the Interplay segment of the Self Carrier settings in Jamf Professional. For more info, see Jamf Self Carrier for macOS Notifications.
So, with the ones necessities in thoughts, let’s dive proper into it!
Very first thing to do is to create the script token in TeamViewer. For this you’ll wish to login to the TeamViewer Control Console first: https://login.teamviewer.com/LogOn. Navigate on your profile and click on edit profile -> apps -> create script token.
Give the token a reputation and make sure you put the Consultation Control privileges to Create, view and edit all classes.
Hit save and replica the token:
Subsequent, we transfer to Jamf Professional to allow our integration. Jamf Professional Settings -> International Control -> Faraway Management:
That’s it for the combination! Simple and directly ahead! However now, our goal gadgets… What about them?
Neatly, to begin with I discussed that on this put up I’ll simply cross the lazy method and set up TeamViewer manually on my goal software, and I’ll discuss silently deploying them in my subsequent put up. However in view of your selection for which TeamViewer resolution to make use of, there are a couple of choices:
- Set up TeamViewer complete
- Set up TeamViewer Host
- Don’t set up anything else and let customers use the TeamViewer QuickSupport app when wanted.
All 3 choices do paintings with the Jamf Professional integration, and it’s as much as you to make a choice what you need to make use of, or what you might be already the usage of inside of your setting. On the other hand, there are some things to keep in mind:
- Relying the TeamViewer possibility of your selection, you’re going to want the corresponding PPPC profile driven on your gadgets. If now not, your finish person will wish to supply get admission to for screencapture, accessibility and SystemPolicyAllFiles themselves, earlier than it is possible for you to to glue remotely. Extra about that underneath, as there are other identifiers for each and every of the three answers discussed above.
- Whilst TeamViewer Host lets in to configure the endpoint for unattended get admission to the combination by the use of Jamf Professional will all the time require the top person to open up the consultation. Extra about this underneath, however whilst the Jamf Professional integration does paintings with both TeamViewer or TeamViewer Host, far flung get admission to would require the top person to be concerned.
- Not obligatory: Screencapture can also be set to “Permit Same old Customers to Permit Get entry to“. This permits, and calls for finish customers with out admin privileges to come to a decision if TeamViewer can percentage the display. Compliant to Apple’s privateness insurance policies.
- Necessary: Making an attempt to deploy the configuration profile with the ScreenCapture environment to computer systems with macOS 10.15.7 or previous will purpose the profile set up to fail.
- If you select to make use of the TeamViewer QuickSupport app, no app must be pre-installed. The tip person wil be triggered to put in the one-time-usage model of TeamViewer when wanted. On the other hand (!), TeamViewerQS calls for a DIFFERENT PPPC profile than the total TeamViewer to TeamViewerQS. See underneath.
So, earlier than putting in TeamViewer, manually or remotely by the use of Jamf Professional, and despite the fact that you propose to make use of TeamViewerQS, make sure you push a profile with the corresponding PPPC payload on your endpoints!
Configure the Privateness Personal tastes Coverage Keep watch over payload:
- Within the Identifier box, input com.teamviewer.TeamViewerQS.
- From the Identifier sort pop-up menu, select Package deal ID.
- Within the Code Requirement box, input the next code:
anchor apple generic and identifier “com.teamviewer.TeamViewerQS” and (certificates leaf[field.1.2.840.113622.214.171.124.9] /* exists */ or certificates 1[field.1.2.840.1136126.96.36.199.6] /* exists */ and certificates leaf[field.1.2.840.1136188.8.131.52.13] /* exists */ and certificates leaf[subject.OU] = H7UGFBUGV6)
- Within the App or Carrier desk, upload the next:
- Accessibility with the worth Permit—This may increasingly grant the Accessibility permission.
- SystemPolicyAllFiles with the worth Permit—This may increasingly grant the Complete Disk Get entry to permission.
- (Not obligatory, computer systems with macOS 11 or later handiest) ScreenCapture with the worth Permit Same old Customers to Permit Get entry to—This may increasingly grant the Display Recording permission. Customers with out administrator privileges should come to a decision if TeamViewer can percentage the display.
As discussed above each and every of the three TeamViewer answers desire a DIFFERENT environment for the PPPC profile, with a special Identifier and Code Requirement!
For the Complete TeamViewer:
- Identifier: com.teamviewer.TeamViewer
- Code Requirement:
anchor apple generic and identifier "com.teamviewer.TeamViewer" and (certificates leaf[field.1.2.840.1136184.108.40.206.9] /* exists */ or certificates 1[field.1.2.840.1136220.127.116.11.6] /* exists */ and certificates leaf[field.1.2.840.113618.104.22.168.13] /* exists */ and certificates leaf[subject.OU] = H7UGFBUGV6)
- Identifier: com.teamviewer.TeamViewerQS
anchor apple generic and identifier "com.teamviewer.TeamViewerQS" and (certificates leaf[field.1.2.840.113622.214.171.124.9] /* exists */ or certificates 1[field.1.2.840.1136126.96.36.199.6] /* exists */ and certificates leaf[field.1.2.840.1136188.8.131.52.13] /* exists */ and certificates leaf[subject.OU] = H7UGFBUGV6)
For TeamViewer Host:
- Identifier: com.teamviewer.TeamViewerHost
anchor apple generic and identifier "com.teamviewer.TeamViewerHost" and (certificates leaf[field.1.2.840.1136184.108.40.206.9] /* exists */ or certificates 1[field.1.2.840.1136220.127.116.11.6] /* exists */ and certificates leaf[field.1.2.840.113618.104.22.168.13] /* exists */ and certificates leaf[subject.OU] = H7UGFBUGV6)
Scope the proper PPPC profile on your endpoints and you’re ready to move!
Neatly, except for putting in TeamViewer this is. For trying out functions, and perhaps even for actual existence make stronger, I’d counsel to make use of TeamViewerQS. Not anything to put in!
If you happen to do wish to set up TeamViewer manually for now: https://www.teamviewer.com/en/obtain/mac-os/
TeamViewer Host (which I might now not counsel in view of this integration, because it does now not be offering an actual get advantages in comparison to the total TeamViewer or TeamViewerQS) can also be downloaded on the backside of the web page:
Remember the fact that unattended get admission to isn’t a part of this integration. This can also be accomplished by the use of further configuration, however does now not in point of fact have compatibility in neatly into the privateness realm when managing finish customers personally.
With our integration in Jamf Professional achieved, our PPPC profile driven and TeamViewer (Host) put in (or now not – if you wish to use QS), we’re absolutely able to take this out for a spin!
For this we cross to the stock of the software we wish to far flung into, cross the Control Tab -> Faraway Management and click on ‘Get started Consultation‘. If you need you’ll be able to upload a be aware to stay observe of the explanation why you initiated the consultation, as an example an inside make stronger price ticket quantity.
After you began the consultation, you’re going to see the next choices:
To in point of fact get started the consultation, 2 issues should be achieved subsequent:
- The administrator must click on the Administrator URL to hook up with the top person’s Mac
- The tip person should open up the relationship by the use of the Finish Consumer URL
When the administrator launches the consultation by the use of the Administrator URL a notification is shipped to the top person’s Self Carrier teaching him/her to navigate to the Bookmarks in Self Carrier and click on the Finish Consumer URL to start out the consultation. If wanted, some other Self Carrier Notification can also be ship manually:
In the meanwhile, the administrator will see the next after clicking the admin url:
Notice: for the admins you wish to have to put in the total TeamViewer app
As soon as the admin launches TeamViewer, he/she’s going to see the next display till the top person opens up the relationship:
The tip person, from his/her facet, after clicking the hyperlink in Self Carrier (or shared by the use of another way, even pigeon put up will do… however would possibly lengthen the method somewhat) will undergo the next person revel in:
Relying whether or not or now not the total TeamViewer (Host) is put in, the top person can release it or select to obtain the QS model. As soon as loaded, the next popup will seem when the admin requests to glue:
If you happen to accurately configured the PPPC profile (with right kind identifier and code requirement for the TeamViewer resolution of your selection, see above), the one factor the top person would possibly nonetheless must do (if that is the primary time a TeamViewer consultation is finished) is to approve screencapture – aka ‘Display Recording’:
The opposite two privileges, Accessibility and Complete Disk Access must already be coated through the PPPC profile. Remember the fact that for ‘Screencapture’ we will handiest set it to “Permit Same old Customers to Permit Get entry to“, and now not put in force it remotely.
If alternatively you didn’t configure / push the PPPC profile accurately, the top person will wish to approve the entirety:
If all of the above is carried out accurately, the consultation must get started.
When the relationship is closed, some other Self Carrier notification is shipped to tell the top person:
That’s it for now!
As promised, I’l do some other put up on the right way to silently set up TeamViewer (Host) in my subsequent put up.
– Is iOS far flung regulate supported? No, now not nowadays
– Can I exploit an iPad Professional to far flung right into a Mac? No, function request I suppose
– Can an finish person initiated a request for help to an inside make stronger staff? YES, You’ll upload a hyperlink within the Self Carrier Bookmarks, leveraging TeamViewer’s “QuickSupport and SOS button”: https://neighborhood.teamviewer.com/English/kb/articles/3962-quicksupport-and-sos-button
That’s it! As all the time, should you preferred the put up, hit the like button, inform your folks about it and go away a remark down underneath!
Apple ecosystem fanatic, geek, tech system freak, Belgian residing within the Netherlands
Senior Undertaking Beef up Engineer | Jamf