I've included a lot of information to help with diagnosing the issue, but the TL;DR is as the title of this issue says — that Object Info is not finding all profiles with Security & Privacy payloads (both FileVault only and the combined General&Firewall options). My MacBook Pro is running macOS Tahoe 26.1 and I'm running the latest available Object Info version 3.2.0.
I had an issue with a client where there were conflicting profiles setting the Firewall and Stealth Mode settings. I used Object Info to scan for Config Profiles Payload > Computer > Security & Privacy:General&Firewall. It did find a conflicting profile, but upon un-scoping it from our test device we were still seeing in System Settings > Network > Firewall "This setting has been configured by a profile" and seeing a preference list at '/Library/Managed Preferences/com.apple.security.firewall.plist'. I ultimately had to run `sudo profiles show` and was able to find the conflicting profile. The bug seems to be that Object Info isn't finding all Configuration Profiles that have a FileVault or General&Firewall payload enabled (this could be more widespread than these payloads but I haven't had time to test).
Some example profiles it did find when running Config Profiles Payload > Computer > Security & Privacy:General&Firewall:
- A monolithic profile called UK-Security & Privacy endusers added to the UK site scoped to All computers with an exclusion for a smart group called UK - Conference Rooms with the following payloads:
  - Finder
    - Preferences
      - Finder Menu
      - Show these items on the desktop
      - Hard disks
      - External disks
      - CDs, DVDs, and iPods
      - Connected servers
      - Show warning before emptying the Trash
    - Commands
      - Select commands available to users
      - Connect to Server
      - Eject
      - Burn Disc
      - Go to Folder
      - Restart
      - Shut Down
  - Login Window
    - Window
      - Login Prompt
      - List of users able to use these computers
      - Show local users
      - Show computer's administrators
      - Show "Other..."
      - Show Shut Down button
    - Options
      - Show password hint when needed and available
      - Disable automatic login
      - Enable console login
      - Enable Fast User Switching
      - Start screen saver after: 10 Minutes of Inactivity
      - Use screen saver module at path: /System/Library/Screen Savers/Flurry.saver
    - Access
      - User
      - Local-only users may log in
      - Combine available workgroup settings
    - Script
      - Login Script
      - Also execute the client computer's LoginHook script
      - Logout Script
      - Also execute the client computer's LogoutHook script
  - Privacy & Security
    - General
      - Restrict Send diagnostic and usage data to Apple, and sharing crash data and statistics with app developers
      - Allow Unlock macOS computer using an Apple Watch with watchOS 3 or later
      - Require Passcode to Unlock Screen immediately
    - Gatekeeper
      - Allow apps downloaded from: Mac App Store and identified developers
    - FileVault
      - Disable Require user to unlock FileVault after hibernation
    - Firewall
      - Enable Firewall
      - Control incoming connections for specific apps
      - Enable Stealth Mode
  - Software Update
    - Automatically install macOS updates
    - Automatically install app updates from the App Store
    - Automatically check for updates
    - Automatically download new updates when available
    - Automatically install configuration data
    - Automatically install system data files and security updates
- Another monolithic profile called UK-Security & Privacy Conf room added to the UK site and scoped to a smart group called UK - Conference Rooms with the payloads:
  - Finder
    - Preferences
      - Finder Menu
      - Show these items on the desktop
      - Hard disks
      - External disks
      - CDs, DVDs, and iPods
      - Connected servers
      - Show warning before emptying the Trash
    - Commands
      - Select commands available to users
      - Connect to Server
      - Eject
      - Burn Disc
      - Go to Folder
      - Restart
      - Shut Down
  - Login Window
    - Window
      - Login Prompt
      - Show local users
      - Show computer's administrators
      - Show "Other..."
      - Show Shut Down button
    - Options
      - Show password hint when needed and available
      - Disable Apple ID setup during login
      - Disable Siri setup during login
      - Enable console login
      - Enable Fast User Switching
    - Access
      - User
      - Local-only users may log in
      - Combine available workgroup settings
    - Script
      - Login Script
      - Also execute the client computer's LoginHook script
      - Logout Script
      - Also execute the client computer's LogoutHook script
  - Passcode
    - Require Passcode
    - Minimum Passcode Length set to 8
  - Privacy & Security
    - General
      - Restrict Set Lock Message
      - Restrict Send diagnostic and usage data to Apple, and sharing crash data and statistics with app developers
      - Restrict Unlock macOS computer using an Apple Watch with watchOS 3 or later
    - Gatekeeper
      - Allow apps downloaded from: Mac App Store and identified developers
    - FileVault
      - Disable Require user to unlock FileVault after hibernation
    - Firewall
      - Enable Firewall
      - Control incoming connections for specific apps
      - Disable Stealth Mode
- Yet another monolithic profile called TEST UK-Security & Privacy Conf room - DNU which is added to the UK site and is not scoped with the payloads:
  - Finder
    - Preferences
      - Finder Menu
      - Show these items on the desktop
      - Hard disks
      - External disks
      - CDs, DVDs, and iPods
      - Connected servers
      - Show warning before emptying the Trash
    - Commands
      - Select commands available to users
      - Connect to Server
      - Eject
      - Burn Disc
      - Go to Folder
      - Restart
      - Shut Down
  - Login Window
    - Window
      - Login Prompt
      - Show local users
      - Show computer's administrators
      - Show "Other..."
      - Show Shut Down button
    - Options
      - Show password hint when needed and available
      - Disable Apple ID setup during login
      - Disable Siri setup during login
      - Enable console login
      - Enable Fast User Switching
    - Access
      - User
      - Local-only users may log in
      - Combine available workgroup settings
    - Script
      - Login Script
      - Also execute the client computer's LoginHook script
      - Logout Script
      - Also execute the client computer's LogoutHook script
  - Passcode
    - Require Passcode
    - Minimum Passcode Length set to 8
  - Privacy & Security
    - General
      - Restrict Set Lock Message
      - Restrict Send diagnostic and usage data to Apple, and sharing crash data and statistics with app developers
      - Restrict Unlock macOS computer using an Apple Watch with watchOS 3 or later
    - Gatekeeper
      - Allow apps downloaded from: Mac App Store and identified developers
    - FileVault
      - Disable Require user to unlock FileVault after hibernation
    - Firewall
      - Enable Firewall
      - Control incoming connections for specific apps
      - Enable Stealth Mode
The profile it did not pick up initially when running Config Profiles Payload > Computer > Security & Privacy:General&Firewall is called FileVault - Key Escrow; it is not added to any site and is scoped to All computers excluding the smart group UK - Conference Rooms and had the payloads:
- Certificate
  - JSS FileVault Recovery Key Escrow Certificate
  - Allow export from keychain
- Security and Privacy
  - General
    - Require Passcode to Unlock Screen after 5 seconds
  - FileVault
    - Escrow Personal Recovery Key
    - Encryption Method
    - Escrow Location Description
  - Firewall
    - Enable Firewall
    - Control incoming connections for specific apps
    - Disable Stealth Mode
However, I've since broken out some of the components from these profiles to be standalone profiles that only do one thing to help us with isolating/troubleshooting down the line, and Object Info still isn't detecting these profiles. I removed the conflicting keys from the profiles UK-Security & Privacy endusers and FileVault - Escrow Key:
- Security and Privacy
  - General
    - Require Passcode to Unlock Screen
  - Firewall
    - Enable Firewall
    - Control incoming connections for specific apps
    - Disable Stealth Mode
And I broke each out into their own respective profiles called System Settings - Require Password to Unlock 5 Seconds After Screensaver Starts and System Settings - Enable Firewall and Firewall Stealth Mode, but neither is showing when running Config Profiles Payload > Computer > Security & Privacy:General&Firewall. Just for kicks I also tried running Config Profiles Payload > Computer > Security & Privacy:FileVault and am getting no results, despite having the previously mentioned profile FileVault - Key Escrow as well as another profile called FileVault - Prevent turning off FileVault, which is not assigned a site and is scoped to a smart group called Jamf Setup Manager - Ready for Profile Deployment, and the only key that is set for this profile is:
- Security and Privacy
  - FileVault
    - User adjustment of FileVault options
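
Added example (not part of the original report and not Object Info's code): an independent cross-check for the situation described above, which parses profiles as plists and reports firewall keys that two profiles set to different values. It assumes the profiles are available as unsigned `.mobileconfig` plists; the sample profiles are constructed, and `make_profile` and the `com.example.other` payload type are hypothetical.

```python
import plistlib
from collections import defaultdict

# Payload type matching the managed preferences domain named in the report.
FIREWALL_TYPE = "com.apple.security.firewall"
WATCHED_KEYS = ("EnableFirewall", "EnableStealthMode")

def firewall_settings(raw):
    """Return (display name, {key: value}) for firewall payloads in one profile."""
    profile = plistlib.loads(raw)
    settings = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == FIREWALL_TYPE:
            settings.update({k: payload[k] for k in WATCHED_KEYS if k in payload})
    return profile.get("PayloadDisplayName", "<unnamed>"), settings

def find_conflicts(raw_profiles):
    """Map each watched key to {profile: value} when profiles disagree on it."""
    seen = defaultdict(dict)
    for raw in raw_profiles:
        name, settings = firewall_settings(raw)
        for key, value in settings.items():
            seen[key][name] = value
    return {k: v for k, v in seen.items() if len(set(v.values())) > 1}

def make_profile(name, payloads):
    """Build a constructed, unsigned profile body for the demo (hypothetical helper)."""
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadDisplayName": name,
                           "PayloadContent": payloads})

SAMPLES = [  # constructed sample data modelled on the profiles in the report
    make_profile("UK-Security & Privacy endusers", [
        {"PayloadType": FIREWALL_TYPE, "EnableFirewall": True,
         "EnableStealthMode": True}]),
    make_profile("FileVault - Key Escrow", [
        {"PayloadType": "com.example.other", "Placeholder": 1},  # unrelated payload
        {"PayloadType": FIREWALL_TYPE, "EnableFirewall": True,
         "EnableStealthMode": False}]),
    make_profile("FileVault - Prevent turning off FileVault", [
        {"PayloadType": "com.example.other", "Placeholder": 1}]),
]

if __name__ == "__main__":
    for key, values in find_conflicts(SAMPLES).items():
        print(key, values)
```

Because it matches on the payload type inside each profile rather than on how the profile was categorised, a firewall payload bundled into a profile named for something else is still reported.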