I am currently working remotely due to the pandemic, and am attempting to identify the physical room that a set of lab iMacs are currently in. Our CMDB states that these machines are in Room A; however, another staff member states that they are in Room B. The location matters in this particular instance.
Since the subnets are the same for both rooms, we have no way of remotely identifying the location network-wise. I could, however, identify the location if I were to see through the webcam. I have SSH'd into Machine1, downloaded ffmpeg via curl and used this post to attempt taking a photo using the built-in camera.
Everything works well, except that Terminal does not have permission to access the web cam. Is there a command or CLI tool that allows me to set this permission?
Note that I am attempting to avoid enabling screen share to perform this permission setting task as I see it as more required cleanup in the end.
Best Answer
There is no documented workaround to short circuit this security control on macOS Catalina.
My recommendation is to use Screen Sharing and Remote Desktop since you can kickstart that on and off by command. Based on whether your macs are MDM managed, you may not be able to remotely grant access to the physical machines and have to physically go in or trace the ethernet MAC address to switch ports on the switch.
Possibly if you have only one version of macOS there’s something that might be possible, but the question as stands it would be best to use AppleRemote Desktop as the most trusted / privileged tool to remotely compromise the security of these Macs. You’re up against protections to prevent stealthy snooping, so the more you are acting like a proper remote administration, the less friction you will have and once Remote Desktop is set, cleanup is scriptable and very easy (and logged).
These controls must be user initiated, even with a fully functioning MDM like JAMF. You can report if a user has allowed or denied this, but Apple is blocking this pretty effectively in Summer 2020.