macOS – way to add a login item in the terminal without triggering a permission dialog on macOS 10.14 and above

Tags: automation, macos, permission

For context: I am working on a script whose purpose is to install a specific application and also add it to the user's login items. This program may need to be deployed to a large number of systems so it is desirable that it be installed without any user input on the target machine.

Currently this is being done via a command along the lines of osascript -e 'tell application "System Events" to make login item ...' which works fine in versions of macOS prior to 10.14. However, in more recent versions executing this command triggers a dialog requesting Automation (AppleEvents) permissions, which prevents the install from running unattended.

Is there either an alternate way to add a login item that does not require additional permissions, or else a way to grant the required permission without user input?

Best Answer

I don't have a lot of experience administering/doing mass deployment of scripts over Jamf, but I am positive the following links would be very helpful for you. I believe what you are looking for is how to work around Apple's Preferences Policy Control Payloads (PPPC).

Please take a look at the following resources:

GitHub - homebysix

Apple Official Doc about PPPC

GitHub - Jamf

Basically, you want to figure out what you want to explicitly whitelist and preauthorize these using the MDM profile utility and deploy the profile you created along with the payload.
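
As an added illustration (not code from the answer or from the linked projects), this Python script builds the kind of profile the answer describes: a configuration profile whose com.apple.TCC.configuration-profile-policy payload pre-authorizes osascript to send Apple Events to System Events. The sender identity and both code requirement strings are assumptions to confirm on a target Mac (TCC may hold the process that launches the script responsible instead of osascript), the organization and identifier prefix are placeholders, and the profile only takes effect when delivered by an MDM.

```python
import plistlib
import uuid

def apple_event_rule(sender_id, sender_type, sender_req, receiver_id, receiver_req):
    """One AppleEvents entry: allow `sender` to send Apple Events to `receiver`."""
    if sender_type not in ("bundleID", "path"):
        raise ValueError("IdentifierType must be 'bundleID' or 'path'")
    return {
        "Identifier": sender_id,
        "IdentifierType": sender_type,
        "CodeRequirement": sender_req,
        "AEReceiverIdentifier": receiver_id,
        "AEReceiverIdentifierType": "bundleID",
        "AEReceiverCodeRequirement": receiver_req,
        "Allowed": True,
    }

def build_pppc_profile(rules, org="Example Org", prefix="com.example.pppc"):
    """Wrap the rules in a TCC payload inside a system-scoped configuration profile."""
    tcc_payload = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": f"{prefix}.tcc",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Login item installer: Automation",
        "Services": {"AppleEvents": list(rules)},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadIdentifier": prefix,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadOrganization": org,
        "PayloadDisplayName": "PPPC: osascript to System Events",
        "PayloadContent": [tcc_payload],
    }

# Assumed values: confirm each requirement with `codesign -dr - <path>` on a target Mac.
OSASCRIPT_TO_SYSTEM_EVENTS = apple_event_rule(
    "/usr/bin/osascript", "path",
    'identifier "com.apple.osascript" and anchor apple',
    "com.apple.systemevents",
    'identifier "com.apple.systemevents" and anchor apple',
)

if __name__ == "__main__":
    profile = build_pppc_profile([OSASCRIPT_TO_SYSTEM_EVENTS])
    with open("login-item-automation.mobileconfig", "wb") as fh:
        plistlib.dump(profile, fh)  # XML plist, ready to upload to the MDM
```

Scoping the rule to one sender and one receiver, each pinned by a code requirement, keeps the grant limited to this Automation pairing instead of authorizing Apple Events broadly.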