How to Accept Write Settings permission Programmatically

How can I not prompt the user to “Please give Write Settings permission” when sending the following script:

 

writesecuresetting -sys hide_rotation_lock_toggle_for_accessibility 1

writesecuresetting -sys accelerometer_rotation 0

 

Using AEDO on the TC52 and TC20.

49 Answers

Matt Dermody | posted this 01 July 2019

I just tried your scripts on an AEDO TC52 on Pie with the same results unfortunately. 

 

I then tried the following script, based on success using this before for other permissions, and it unfortunately didn't seem to work either. 

afw_set_permission_grant_state net.soti.mobicontrol.androidwork android.permission.WRITE_SECURE_SETTINGS allow

 

  • 0
  • 0
Matt Dermody | posted this 01 July 2019

I'm also using agent version 13.7.4 which should already have this permission silently granted with an Android Plus plugin based on the release notes.

 

 

I have the Zebra Android+ plugin installed:

 

  • 0
  • 0
Matt Dermody | posted this 01 July 2019

I have a theory that might explain this. The ability for this permission to be set by the Android Plus plugin was introduced with agent version 13.7.0 which came out in May. The latest 1.6.0.102 Zebra Android Plus plugin predates the release of that agent version. I don't know exactly when it came out but I have a version of it on my computer from November of last year. I'm thinking this would mean that the Zebra plugin still needs to be updated so that the writesecuresetting permission can be silently granted.

 

 

  • 0
  • 0
Matt Dermody | posted this 01 July 2019

@SOTI, what is this script?

 

  • 1
  • 1
Fisch | posted this 02 July 2019

Running the same versions on my devices (TC52 Android O and TC20 Android O)

  • 0
  • 0
Raymond Chan | posted this 03 July 2019

My earlier tests and communication with the Soti support team some two or three months ago confirmed that the script command afw_set_permission_grant_state cannot target the device agent itself. I am not sure if there is any change(s) in newer agent/plug-in versions.

 

Is your problem solved already with the latest agent and plug-in version?

 

If not, and if you have the device on hand or can use remote-control session, just go directly to Settings->Application Manager, select MobiControl device agent item and grant the permission there.

  • 0
  • 0
Fisch | posted this 03 July 2019

I have been using the command without issues for some time on all Zebra devices. This is the first time I have run into any issues with the command. 

 

@SOTI can you please answer the main question as well as the one asked by Matt regarding your release notes regarding the "modify system setting" script that is new? Is that just the "AFW_grant_permissions..."?

  • 0
  • 0
HNMOD@SOTI | posted this 03 July 2019

Hello,

 

Thank you for requesting a response from SOTI Support Staff,

 

Referencing the case related to the release notes, I believe the following script was created to tackle this:

request_appops_permission WRITE_SETTINGS

 

 

Let me know if this helps.

 

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 1
  • 0
Raymond Chan | posted this 05 July 2019

Based on my test on Samsung devices using any v13.7.0-v13.7.5 Android Enterprise device agent, the script

  request_appops_permission WRITE_SETTINGS

only results in a notification prompting device end-user to grant the required permission in device "Settings", rather than granting the permission automatically without any end-user interaction.  

 

The behavior in OEM specific Android Plus device agent may differ.

 

  • 0
  • 0
Fisch | posted this 08 July 2019

 

request_appops_permission WRITE_SETTINGS

@Matt Dermody - Can you test this script out?

I would but it appears my wife may finally be going to labor!

  • 0
  • 0
Matt Dermody | posted this 08 July 2019

Congrats! Yeah, I'll give it a whirl.

  • 0
  • 0
Matt Dermody | posted this 08 July 2019

Tried it on a TC8300 with Oreo (My TC52 already had the permission granted) and it didn't seem to do anything:

 

 

 

  • 1
  • 0
Fisch | posted this 26 August 2019

So we are still waiting on @SOTI to provide an answer on this then

  • 0
  • 0
AKMOD@SOTI | posted this 18 September 2019

Hi Fisch

Thanks for your query

We apologize we have through this post now. We are working on this query and will update soon. 

 

Regards

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 1
  • 0
Ben Ragland | posted this 26 September 2019

Any update on this?

 

I am experiencing the SOTI agent inconsistently requesting write permissions from device to device. This is on Oreo Work Managed on a Zebra MC3300.

 

Because I am also using the SOTI Kiosk, the permissions sometimes are not requested until the kiosk is applied, making it a pain to pass down a process to customers.

  • 0
  • 0
Support Staff | posted this 27 September 2019

Hello Folks,

We have received a response to our inquiry into your circumstances;

"Regarding “writesecuresetting -sys” script on AEDO devices, this script will prompt the user to grant the 'Modify System Settings' when there is no/incorrect plugin installed on the device. The feature was implemented for AE agent 13.7.1.1008+ and plugin 1.16.0.100+

 

Coming back to the customer’s configuration,

Application | Current version   | Minimum required version
MC Agent    | 13.7.4 build 1015 | 13.7.1 build 1008
Plugin      | 1.6.0.102         | 1.16.0.100

 

The current agent version used is obviously higher than the minimum required version, but the plugin used Zebra Hawk eye Plugin (available in the SOTI OEM Download page) is lower than the required version. That is why the script is still prompting the user to grant the “Modify System Settings” permission via a pending action."

 

We are inquiring as to where the version of the correct plugin is and when it will be available to you.

 

Hopefully, this helps some. 

 

Regards, 

 

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 1
  • 1
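
The version check described in the quoted reply, as an added example that is not part of the thread and not SOTI's code. Device names are constructed; the version strings are the ones posted in this thread, and the function names are hypothetical.

```python
import re

# Minimums quoted in the SOTI reply above.
MIN_AGENT = "13.7.1 build 1008"
MIN_PLUGIN = "1.16.0.100"

# Constructed inventory: device names are made up, version strings are the
# ones posted in this thread. None means no plugin is installed.
INVENTORY = [
    ("zebra-tc52-01", "13.7.4 build 1015", "1.6.0.102"),
    ("honeywell-ct60-01", "14.0.0 Build 1579", "1.16.3.105+dcb271b9"),
    ("zebra-tc20-01", "13.7.4 build 1015", None),
]


def parse_version(text):
    """'13.7.4 build 1015' -> (13, 7, 4, 1015); '1.16.3.105+dcb271b9' -> (1, 16, 3, 105)."""
    numbers = re.findall(r"\d+", text.split("+", 1)[0])  # ignore a '+<commit>' suffix
    if not numbers:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(n) for n in numbers)


def meets_minimum(current, minimum):
    """Compare field by field as integers, padding the shorter version with zeros."""
    cur, need = parse_version(current), parse_version(minimum)
    width = max(len(cur), len(need))
    cur += (0,) * (width - len(cur))
    need += (0,) * (width - len(need))
    return cur >= need


def will_prompt(agent, plugin):
    """True when, per the quoted reply, the user is asked to grant the permission."""
    if plugin is None:  # "no/incorrect plugin installed"
        return True
    return not (meets_minimum(agent, MIN_AGENT) and meets_minimum(plugin, MIN_PLUGIN))


def devices_that_prompt(inventory):
    """Names of the devices on which the script falls back to the user prompt."""
    return [name for name, agent, plugin in inventory if will_prompt(agent, plugin)]


if __name__ == "__main__":
    # A plain string comparison gets this wrong: "1.6..." sorts after "1.16...".
    print("string compare says plugin is new enough:", "1.6.0.102" >= MIN_PLUGIN)
    print("numeric compare says plugin is new enough:", meets_minimum("1.6.0.102", MIN_PLUGIN))
    print("devices that will prompt:", devices_that_prompt(INVENTORY))
```
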
Ben Ragland | posted this 30 September 2019

Outstanding! Thanks for the update.

  • 0
  • 0
Fisch | posted this 30 September 2019

Awesome info thank you!

 

Please do let us know when the plugin will be updated. Also I have had issues with the current one published and have had to revert to an earlier one. The one on the website doesn't always appear to work and when used there is no option for Remote Control.

  • 0
  • 0
Georg Rosel | posted this 17 October 2019

As far as I see that case, the 'MobiControl A+ Service' has this permission by default but the MobiControl Agent  itself is missing it.

I assume that the 'MobiControl A+ Service' is the plugin as it is now shown when the plugin is not installed. So this behavior should not be linked to the version of the plugin.

 

  • 0
  • 0
Fisch | posted this 21 October 2019

Team - Any updates on this? 

  • 1
  • 0
Support Staff | posted this 21 October 2019

Hello Fisch, 

 

I have had a few discussions about this and I am waiting for an official response from the OEM team.  I hope to post their answer very soon. 

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Kyle Mullins | posted this 31 October 2019

I also am looking for this to be fixed. I am trying to disable the accelerometer using script writesecuresetting -sys accelerometer_rotation 0 but when I run this on the device I get this "User Action Pending" message at the top of the screen.

 

If you tap it then this screen comes up:

If you tap the "Please give Write Settings permission" then a screen shows for a half second that asks you to flip a switch to allow SotiMobi Control to have Write permissions but it then flips back to the Kiosk screen. As a test, I did sign in as Admin, Accept Write permission manually, and then send the script again and it worked without prompt.

So I am looking forward to a way to set this on all devices without having to do it manually. 

  • 1
  • 0
Matt Dermody | posted this 31 October 2019

We all are. SOTI supposedly has an updated device plugin that can do this but it hasn't been released yet. 

  • 1
  • 0
Sascha Möller | posted this 31 October 2019

Does anyone know when the ae-plugin will be released? :(

  • 1
  • 0
Sascha Möller | posted this 31 October 2019

Yes, asap!

  • 1
  • 0
Simon Breuer | posted this 31 October 2019

Image result for wow that escalated quickly gif

  • 3
  • 1
Matt Dermody | posted this 31 October 2019

I have no idea how/why it posted three times in a row, but I like it. I'm leaving em up!

  • 2
  • 1
Support Staff | posted this 05 November 2019

Hello, 

 

Our OEM team is working with Zebra to provide an amicable solution as your requests have not gone unnoticed.  I am requesting the official answer, solution and any associated timelines on a daily basis. 

 

Once I know I will update the thread accordingly. 

 

Thank you for your patience in the matter.

 

Regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Matt Dermody | posted this 05 November 2019

Thank you! I think part of the confusion stems from being told that there was a remedy in version 1.16 of the plugin and yet that plugin has yet to be released. I think many of us would be more than willing to live with a beta or pre-release version of 1.16 than a confirmed non-working 1.6 or 1.12. 

  • 2
  • 0
Sascha Möller | posted this 06 November 2019

Hello Support Staff,

could you please ask the OEM-Team for the following commands:

  • watchsettings
  • kill_application
  • wipeapplication

They are not supported on android-enterprise-devices, too.

Regards,

Sascha

  • 0
  • 0
Support Staff | posted this 08 November 2019

Hi Sascha, 

 

Thank you for the constructive feedback I have included it to the OEM team as part of the suggested solution.

 

@Matt I apologize if the information I provided has some anticipating the release of 1.16 as that does not look like it is going to be the solution.   

 

Changes in the process have made this more difficult than it should be and therefore the teams are working on alternate solutions and the feedback is all I can provide at this point on route to a resolution. 

 

Thanks for your continued patience.

 

Regards,

 

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 1
  • 0
Dennis Vdh | posted this 09 November 2019

Hello all, I do have an additional question.

Does this issue only happen on Zebra DO devices? Or has anyone investigated, for instance Honeywell, Samsung, ... devices ?

(Hope to find some time this week to investigate Honeywell device)

  • 0
  • 0
Kirsty Monk | posted this 11 November 2019

I can't add to the answer but I wanted to say that I am having the same problem. I have been working with a Support engineer at SOTI and they have told me that they are aware of this thread and there is currently no way to apply these permissions silently and there is no work around. I guess I knew that but has anyone been given assurance that there is light at the end of the tunnel and that a new plugin really exists?

  • 1
  • 0
Dennis Vdh | posted this 12 November 2019

Confirmed, this issue does not happen on Honeywell devices.
"WRITE_SECURE_SETTINGS" is granted and "writesecuresetting -sys ..." are accepted and applied on enrollment.

Device Types : Honeywell VM1A, Honeywell CT60
Device Agent : net.soti.mobicontrol.androidwork v14.0.0 Build 1579 (Android Enterprise Device Owner)
Device Plugin : net.soti.mobicontrol.enterprise.honeywell v1.16.3.105+dcb271b9

For completion Mobicontrol Server : 14.4.0.4857

  • 2
  • 0
Support Staff | posted this 26 November 2019

Hello Sasha, 

 

From what I understand, Zebra deprecated the use of “Device Administrator – aka Android Plus” starting in Android Oreo.  Which means, they will no longer be signing any plugins for Oreo devices.  This is the reason "1.16" is no longer the solution.

 

However, both functionalities you asked for are available through Zebra MX APIs:

  • Wipe = Clear application's cache
  • Kill Application = Clear the Recent Application List

 

Please use Zebra MX API's to perform these functionalities by using Zebra StageNow desktop application, create a new profile with ‘AppMgr’ setting to perform these actions.

 

To automate the process, an XML file can be generated from StageNow desktop app and exported to our MDM. Then pushed to devices through MobiControl. Once the XML file is on the device, Mxconfig script can be sent to the device to close the recent applications list running on the device.

 

Here is a summary of the steps:

  1. Create a new profile and give it a name
  2. Choose Xpert Mode
  3. Select AppMgr
  4. From ‘Action’ dropdown list Select ‘clear recent app list’ and ‘Clear application’s cache’
  5. Move to the next step and select ‘Export to MDM’
  6. Use MobiControl to get the XML file to devices
  7. Send “mxconfig <DeviceStoragePath/filename.xml>” script to the device to clear recent running apps

I hope this provides some more context for now as we work with Zebra to explore other options, to providing you a solution to this post.

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Matt Dermody | posted this 26 November 2019

Interesting angle. So instead of leveraging writesecuresetting we should default to MX instead? I'm not sure about everyone else's situation, but I know that there are a number of writesecuresettings we use that are NOT exposed by MX, which is why we've historically had to use them together. If I go through some of the common secure settings we leverage there are very few covered by MX. It appears that Font size might be one of the few that we recently got support for and that requires MX 9.2, which a number of device models don't even support yet. 

 

 

writesecuresetting -sys accelerometer_rotation 0

- No equivalent in MX

writesecuresetting -sys font_scale 1.3

- Added as FontSize in DisplayMgr as of MX 9.2

writesecuresetting -sec enabled_input_methods com.symbol.mxmf.csp.enterprisekeyboard/com.android.inputmethod.latin.LatinIME

- You can set EKB as the default input method using MX, but you can't set it as the only enabled input method.

writesecuresetting -glo animator_duration_scale 0.0

- No equivalent in MX

writesecuresetting -glo transition_animation_scale 0.0

- No equivalent in MX

writesecuresetting -glo window_animation_scale 0.0

- No equivalent in MX

writesecuresetting -glo low_power 0

- No equivalent in MX

writesecuresetting -sys status_bar_show_battery_percent 1

- No equivalent in MX

writesecuresetting -sec show_ime_with_hard_keyboard 1

- No equivalent in MX

writesecuresetting -sec tts_default_synth com.google.android.tts

- No equivalent in MX

  • 0
  • 0
Scott | posted this 05 December 2019

As info, turns out silent grant of writesettings is the least of the issues.  Once granted, a log check of most of these settings comes back with "device owners cannot update XXX" where XXX = most of the settings listed by Matt...

writesecuresetting -sys accelerometer_rotation 0
works!

writesecuresetting -sys font_scale 1.3
works!

writesecuresetting -sec enabled_input_methods com.symbol.mxmf.csp.enterprisekeyboard/com.android.inputmethod.latin.LatinIME
writesecuresetting -glo animator_duration_scale 0.0
writesecuresetting -glo transition_animation_scale 0.0
writesecuresetting -glo window_animation_scale 0.0
writesecuresetting -glo low_power 0
writesecuresetting -sec show_ime_with_hard_keyboard 1
writesecuresetting -sec tts_default_synth com.google.android.tts
All return "device owners cannot update..."

writesecuresetting -sys status_bar_show_battery_percent 1
not actually a system setting anymore.  log says "You cannot change private secure settings."

(at least on TC56 w8.1.0)

So....

  • 1
  • 0
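
A way to audit a script before pushing it, added here as an example that is not part of the thread and not SOTI's or Zebra's code. It assumes the -sys/-sec/-glo flags select Android's Settings.System, Settings.Secure and Settings.Global tables; the script lines and the reported outcomes are copied from the posts above, and the function names are hypothetical.

```python
from collections import defaultdict

# Assumption: flag -> Android settings table. The permission is the Android
# platform permission that guards writes to that table: WRITE_SETTINGS is the
# user-grantable "Modify system settings" access, WRITE_SECURE_SETTINGS is
# reserved for platform-signed or privileged apps.
TABLES = {
    "-sys": ("Settings.System", "WRITE_SETTINGS"),
    "-sec": ("Settings.Secure", "WRITE_SECURE_SETTINGS"),
    "-glo": ("Settings.Global", "WRITE_SECURE_SETTINGS"),
}

# Lines copied from the thread. Outcomes are the ones Scott reported for a
# TC56 on Android 8.1.0; they are not measured by this example.
SCRIPT = """\
writesecuresetting -sys accelerometer_rotation 0
writesecuresetting -sys font_scale 1.3
writesecuresetting -sec enabled_input_methods com.symbol.mxmf.csp.enterprisekeyboard/com.android.inputmethod.latin.LatinIME
writesecuresetting -glo animator_duration_scale 0.0
writesecuresetting -glo low_power 0
writesecuresetting -sec show_ime_with_hard_keyboard 1
writesecuresetting -sys status_bar_show_battery_percent 1
request_appops_permission WRITE_SETTINGS
"""
REPORTED = {
    "accelerometer_rotation": "works",
    "font_scale": "works",
    "enabled_input_methods": "device owners cannot update...",
    "animator_duration_scale": "device owners cannot update...",
    "low_power": "device owners cannot update...",
    "show_ime_with_hard_keyboard": "device owners cannot update...",
    "status_bar_show_battery_percent": "You cannot change private secure settings.",
}


def parse_script(text):
    """Yield one record per writesecuresetting line; other commands are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 3)
        if not parts or parts[0] != "writesecuresetting":
            continue
        if len(parts) != 4 or parts[1] not in TABLES:
            raise ValueError(f"line {lineno}: expected "
                             "'writesecuresetting -sys|-sec|-glo <key> <value>'")
        table, permission = TABLES[parts[1]]
        yield {"line": lineno, "table": table, "permission": permission,
               "key": parts[2], "value": parts[3],
               "reported": REPORTED.get(parts[2], "not reported in thread")}


def audit(text):
    """Group setting keys by the permission the agent needs to write them."""
    needed = defaultdict(list)
    for rec in parse_script(text):
        needed[rec["permission"]].append(rec["key"])
    return dict(needed)


def not_working(text):
    """Keys whose outcome in the thread was anything other than 'works'."""
    return [r["key"] for r in parse_script(text) if r["reported"] != "works"]


if __name__ == "__main__":
    for rec in parse_script(SCRIPT):
        print(f'{rec["line"]:>2} {rec["table"]:<16} {rec["permission"]:<22} '
              f'{rec["key"]}: {rec["reported"]}')
```
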
Sascha Möller | posted this 09 December 2019

Hi,

where is the last comment from Fish?

  • 1
  • 0
Dennis Vdh | posted this 09 December 2019

Hi,

where is the last comment from Fish?

 

Indeed what happened to the comment?
He had a valid point. 

  • 1
  • 0
Sascha Möller | posted this 09 December 2019

Hi Matt,

we got the information from soti-support that zebra will no longer sign any soti-plugins.

Could you confirm this information?

Regards, Sascha

  • 0
  • 0
Scott | posted this 09 December 2019

I have spoken with development at Zebra and confirm that they will not sign plugins moving forward due to Google recommendations and apparently Google plans to restrict ALL OEMs from signing third party applications in the not too distant future. It's OEMConfig or bust...

They did however ask what additional functionality was needed in MX to bridge the gap and I sent along the list in this thread as well as a couple of others, so they at least understand that there's an issue...

 

  • 2
  • 0
Matt Dermody | posted this 09 December 2019

If Google wants EMM admins to embrace Android Enterprise then feature parity should be a top priority. After that we need better version control in Managed Play and control over GPP. 

  • 0
  • 0
Matt Dermody | posted this 10 December 2019

@Scott I can confirm similar conversations with Zebra. We can basically give up hope on full blown writesecuresettings coming to AE. Zebra will prioritize adding the most important ones to MX/ZMC so if you have any particular settings that you're currently missing I would suggest posting them here or passing them on to Zebra. Zebra is aware of this thread so if you don't know who to reach out to, posting them here would be fine. 

  • 0
  • 0
Scott | posted this 10 December 2019

I was going to suggest starting a new Zebra specific discussion thread just for any Zebra users to post what they consider the most important things they want added to the MX feature set.  That way the folks at Zebra have one easy place to look and see a consolidated wish list.

  • 0
  • 0
Matt Dermody | posted this 10 December 2019

Good call. Looks like you've already got one started. To anyone else reading this thread, please direct any writesecuresetting->MX feature requests here. As Scott called out, please use the upvote system to vote for specific features so that they can be prioritized. 

 

https://discussions.soti.net/thread/wish-list-for-zebra-ae-functionality

 

 

  • 0
  • 0
Support Staff | posted this 12 December 2019

Hi Fisch,

Here is an updated, corrected response from SOTI and Zebra.

In late-2017, SOTI and Zebra Technologies agreed to a singular path forward for supporting customers who were planning on adopting devices powered by Google Android. In keeping with the Google Android Enterprise Recommended program, all devices pre-installed with Android 8.0 (Oreo) will be required to activate the device as Android Enterprise Device Owner for support with SOTI MobiControl. This aligns with Google’s coming deprecation of Android Device Administrator, and provides a future upgrade path for customers' mobile deployments. Changes in the framework for Android device management have led to a shift in how some Zebra device settings should be deployed within MobiControl. As has been noted in this thread, configuration of newer Zebra devices enrolled as Android Enterprise using the writesecuresetting scripts will require the user to accept a permissions prompt. The script spans across all Android systems and given the Android fragmentation that exists in the field, it is difficult to guarantee that these scripts will work across the multitude of devices even with the permissions granted.

 

When configuring Zebra devices on Android Enterprise, it is recommended to apply device settings via one of the following mechanisms:

 

  • Android Enterprise Feature Control payload within a MobiControl Configuration Profile
  • Zebra OEMConfig setting within an App Catalog Rule
  • Zebra MX XML configuration file via a MobiControl File Sync Rule and mxconfig script command

 

Should the configuration setting that you wish to apply not currently be supported within any of the above mechanisms, please raise a feature request with SOTI Support or your SOTI Account Manager for it to be evaluated. The usage of writesecuresetting is something being reviewed by SOTI and Zebra, to understand the full use case and evaluate what could be done to solve this challenge.

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 2
  • 1
Fisch | posted this 12 December 2019

That statement was AWESOME thank you! One last question if you do not mind, why did SOTI decide to stop supporting Device Admin agents after Android N (7.x) and not continue until Google deprecated the agent after Android P? I am VERY glad the decision was made since my customers using SOTI are now ahead of the game but are you able to maybe share some insight on this decision? 

  • 0
  • 0
Support Staff | posted this 17 December 2019

Device Admin support on Zebra devices exists through to Android N (7.x). The decision to stop support for Device Admin on Android O (8.x) and higher was a joint strategic decision made between SOTI and Zebra from what I was told.

 

Thank you for requesting clarification on this, I believe it provided clarification to many of us including myself.

 

Cheers,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
