TeamViewer 整合
將 Jamf Pro 與 TeamViewer 這款快速安全的全功能解決方案整合後,就能從遠端存取電腦和網路,讓您在 Jamf Pro 管理員與使用者的電腦之間建立遠端螢幕共用連線。如需使用 Jamf Pro 和 TeamViewer 建立遠端管理工作階段的相關資訊,請參閱 使用 TeamViewer 的螢幕共用。
TeamViewer 整合可支援全部三種 TeamViewer 的應用程式:TeamViewer、TeamViewer Host 及 TeamViewer QuickSupport。
TeamViewer 使用下列網路連接埠進行連線:
- 5938—
這是主要連接埠。您的防火牆設定最少應允許此連接埠。
- 443—
這是在 TeamViewer 無法透過連接埠 5938 連線時使用。選取的 TeamViewer 處理程序 (例如更新檢查) 和 TeamViewer Management Console 中建立的自訂模組也都是使用連接埠 443。
- 80—
這是在 TeamViewer 無法透過連接埠 5938 或 443 連線時使用。
與連接埠 5938 或 443 相較之下,連接埠 80 的連線速度較慢,且較不可靠。若暫時失去連線,不會自動重新連線。
各網站有專屬的 TeamViewer 整合。這表示,Jamf Pro 允許您針對每個網站新增一個組態。如果您的環境中沒有網站,您可以在 Jamf Pro 執行個體的完整關聯內容中新增 TeamViewer 組態。
新增新的 TeamViewer 組態
具備管理權限的 TeamViewer 帳戶
具備遠端管理權限的 Jamf Pro 使用者帳戶
在 TeamViewer中配置 Jamf Pro 的指令碼 Token。
若要傳送「Self Service」通知,您必須在 Jamf Pro「Self Service」設定的「互動」區段中進行配置。如需更多資訊,請見適用 macOS 的 Jamf「Self Service」通知。
儲存組態會觸發自動連線驗證。驗證處理程序必須順利完成,才能使用該組態。
遠端電腦的隱私權權限需求
若要執行 TeamViewer 工作階段,TeamViewer 應用程式會要求遠端電腦上的下列隱私權權限:
- 存取能力—
這是執行指令碼和系統命令所需。
- 完整磁碟存取—
這是檔案傳輸和電腦上所有使用者的某些管理設定所需。
- 螢幕錄製—
可讓工作階段支援者看見使用者的螢幕。
具有管理員權限的使用者可手動授與隱私權權限。不過,Jamf 建議您部署「隱私權偏好原則控制」(PPPC) 組態設定檔來代替使用者授與必要的權限。
管理員授與的權限會授與電腦上的所有使用者。如需更多資訊,請參閱 Apple 的 macOS 使用者指南中的 Change Privacy preferences on Mac (更改 Mac 上的「隱私權」偏好設定)。
上傳 .mobileconfig 檔案以授與 TeamViewer 隱私權限
若要授與必要的 TeamViewer 隱私權限,Jamf Pro 管理員可以選擇上傳下列其中一個行動組態檔案,或手動建立必要的 PPPC 組態設定檔。若要上傳下列其中一個 mobileconfig
檔案,請參閱 電腦組態設定檔。
TeamViewer Unsigned.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>d0adae37-56d9-47d4-9907-920fa564b45c</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Jamf</string>
<key>PayloadIdentifier</key>
<string>d0adae37-56d9-47d4-9907-920fa564b45c</string>
<key>PayloadDisplayName</key>
<string>TeamViewer</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>E48F876C-0EE8-45D0-BBDA-6312D03484C4</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadOrganization</key>
<string>Jamf</string>
<key>PayloadIdentifier</key>
<string>154416B2-3FA9-4CD8-9708-61FC5A1AF02C</string>
<key>PayloadDisplayName</key>
<string>TeamViewer</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>Services</key>
<dict>
<key>ScreenCapture</key>
<array>
<dict>
<key>Authorization</key>
<string>AllowStandardUserToSetSystemService</string>
<key>Identifier</key>
<string>com.teamviewer.TeamViewer</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewer" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
</array>
<key>Accessibility</key>
<array>
<dict>
<key>Identifier</key>
<string>com.teamviewer.TeamViewer</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewer" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
<key>Allowed</key>
<integer>1</integer>
</dict>
</array>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Identifier</key>
<string>com.teamviewer.TeamViewer</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewer" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
<key>Allowed</key>
<integer>1</integer>
</dict>
</array>
</dict>
</dict>
</array>
</dict>
</plist>
TeamViewer Host Unsigned.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>47FC645A-AF41-46A3-81D7-11D03C37D592</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Jamf</string>
<key>PayloadIdentifier</key>
<string>47FC645A-AF41-46A3-81D7-11D03C37D592</string>
<key>PayloadDisplayName</key>
<string>TeamViewer Host</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>5B08D6F0-2C2C-4473-8125-FB5BE08C69E3</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadOrganization</key>
<string>Jamf</string>
<key>PayloadIdentifier</key>
<string>5B08D6F0-2C2C-4473-8125-FB5BE08C69E3</string>
<key>PayloadDisplayName</key>
<string>TeamViewer</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>Services</key>
<dict>
<key>ScreenCapture</key>
<array>
<dict>
<key>Authorization</key>
<string>AllowStandardUserToSetSystemService</string>
<key>Identifier</key>
<string>com.teamviewer.TeamViewerHost</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewerHost" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
</array>
<key>Accessibility</key>
<array>
<dict>
<key>Identifier</key>
<string>com.teamviewer.TeamViewerHost</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewerHost" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
<key>Allowed</key>
<integer>1</integer>
</dict>
</array>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Identifier</key>
<string>com.teamviewer.TeamViewerHost</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewerHost" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
<key>Allowed</key>
<integer>1</integer>
</dict>
</array>
</dict>
</dict>
</array>
</dict>
</plist>
TeamViewer QuickSupport Unsigned.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>3F7A9A1D-1CA8-474C-A82F-AB3EB1C8C30E</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Jamf</string>
<key>PayloadIdentifier</key>
<string>3F7A9A1D-1CA8-474C-A82F-AB3EB1C8C30E</string>
<key>PayloadDisplayName</key>
<string>TeamViewer QuickSupport</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>0452EAAE-18FB-403F-B938-CBCFD0BF4BC1</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadOrganization</key>
<string>Jamf</string>
<key>PayloadIdentifier</key>
<string>0452EAAE-18FB-403F-B938-CBCFD0BF4BC1</string>
<key>PayloadDisplayName</key>
<string>TeamViewer</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>Services</key>
<dict>
<key>ScreenCapture</key>
<array>
<dict>
<key>Authorization</key>
<string>AllowStandardUserToSetSystemService</string>
<key>Identifier</key>
<string>com.teamviewer.TeamViewerQS</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewerQS" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
</dict>
</array>
<key>Accessibility</key>
<array>
<dict>
<key>Identifier</key>
<string>com.teamviewer.TeamViewerQS</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewerQS" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
<key>Allowed</key>
<integer>1</integer>
</dict>
</array>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Identifier</key>
<string>com.teamviewer.TeamViewerQS</string>
<key>CodeRequirement</key>
<string>anchor apple generic and identifier "com.teamviewer.TeamViewerQS" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
<key>Allowed</key>
<integer>1</integer>
</dict>
</array>
</dict>
</dict>
</array>
</dict>
</plist>
手動建立組態設定檔,將隱私權權限授予 TeamViewer
- 在 Jamf Pro 中,於側邊欄頂端按一下 電腦
。
- 按一下側邊欄中的 配置設定檔
。
- 按一下 新建
。
- 使用「一般」承載配置基本設定。
- 配置「隱私權偏好原則控制」承載:
- 按一下 範圍 索引標籤並配置設定檔的範圍。
- (任選) 如果您選擇在「Self Service」中提供設定檔,則按一下 Self Service 索引標籤配置該設定檔的「Self Service」設定。
- 按一下 儲存
。
設定檔會在下一次範圍內的部署目標聯絡 Jamf Pro 時,發佈至這些目標。
用 Jamf Pro 部署 TeamViewer 應用程式
Jamf 建議用戶端 Mac 在遠端支援工作階段期間下載 TeamViewer QuickSupport 應用程式。此操作無需預先安裝任何軟體。然而,您可以使用下列程序預先安裝 TeamViewer 或 TeamViewer Host 應用程式。
使用者 Mac 電腦上所安裝的 TeamViewer 應用程式不需要授權。TeamViewer 指令碼避免使用 Composer 進行重新封裝。
安裝「TeamViewer.pkg」或「Install TeamViewerHost.pkg」安裝程式
安裝「TeamViewer with Choices」指令碼或「Install TeamViewer Host with Choices」指令碼
原則將在範圍中的電腦下次簽入 Jamf Pro 且符合「一般」承載中的準則時,於這些電腦上執行。