Question

Allow non admin users to change date and time on Ventura/Sonoma

  • March 18, 2024
  • 5 replies
  • 33 views


Hi all,

We are pushing a script to allow users to change date and time as below:

##Allow User to Change Time

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.dateandtime.changetimezone allow
security authorizationdb write system.preferences.datetime authenticate-session-owner-or-admin

This was working fine until now, but it stopped. Did Apple change the preference settings?

5 replies

danlaw777
  • Valued Contributor
  • March 18, 2024

you would think that their time would just be correct...we're having this issue too


AJPinto
  • Legendary Contributor
  • March 18, 2024

With how things have been changing with NIST, I could see Apple blocking this. One of the NIST guidelines is to ensure time is set securely for SIEM logging. Allowing users to change time at their own discretion breaks timelines on event logging.


Bol
  • Contributor
  • March 18, 2024

lol gold. I've just confirmed this works on 14.4, specifically this line;
security authorizationdb write system.preferences.datetime allow

I couldn't find a key that exists (anymore?) for: system.preferences.dateandtime.changetimezone
Good reference https://www.dssw.co.uk/reference/authorization-rights/system-preferences-datetime

Your last command uses a rule that requires auth of either standard or admin user, e.g. authenticate-session-owner-or-admin, which contradicts the previous allow line? I think.

Anyway, see if this works the way you intended, all ok in my environment with the example lines below;
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.datetime allow
security authorizationdb write system.preferences.printing allow


  • Author
  • New Contributor
  • March 18, 2024

I think it may be the CIS Level 1 blocking this


Bol
  • Contributor
  • March 18, 2024

This didn’t work!?

security authorizationdb write system.preferences allow 
security authorizationdb write system.preferences.datetime allow
security authorizationdb write system.preferences.dateandtime.changetimezone allow
security authorizationdb write system.preferences.datetime authenticate-session-owner-or-admin
security authorizationdb write system.settings.datetime allow
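
Added example, not part of any post in this thread: a read-only check that reports the rule currently stored for each right named above, so you can see whether a right exists on a given macOS version and whether an earlier write is still in effect. The XML plist layout assumed for the output of "security authorizationdb read" and the two sample plists are constructed for illustration; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the rule stored for each right named in the thread.

# Print the first <string> value that follows <key>$1</key> in the plist on stdin.
plist_value() {
  awk -v k="$1" '
    index($0, "<key>" k "</key>") { want = 1; next }
    want && match($0, /<string>[^<]*<\/string>/) {
      print substr($0, RSTART + 8, RLENGTH - 17); exit
    }
    want && /<key>/ { exit }   # next key reached without a string value
  '
}

# Summarise one right from its plist text ($1): rule name, required group, or missing.
describe_right() {
  class=$(printf '%s\n' "$1" | plist_value class)
  case "$class" in
    rule) printf 'rule:%s\n' "$(printf '%s\n' "$1" | plist_value rule)" ;;
    user) printf 'user:group=%s\n' "$(printf '%s\n' "$1" | plist_value group)" ;;
    '')   printf 'missing\n' ;;
    *)    printf 'class:%s\n' "$class" ;;
  esac
}

# Constructed samples in the plist layout assumed for "authorizationdb read".
SAMPLE_ALLOW='<dict>
  <key>class</key>
  <string>rule</string>
  <key>rule</key>
  <array>
    <string>allow</string>
  </array>
</dict>'
SAMPLE_ADMIN='<dict>
  <key>class</key>
  <string>user</string>
  <key>group</key>
  <string>admin</string>
</dict>'

# Read (never write) each right from the thread and print its current state.
audit_rights() {
  for right in system.preferences system.preferences.datetime \
      system.preferences.dateandtime.changetimezone \
      system.preferences.printing system.settings.datetime; do
    plist=$(security authorizationdb read "$right" 2>/dev/null) || plist=''
    printf '%-50s %s\n' "$right" "$(describe_right "$plist")"
  done
}

# Only query the live database where the macOS "security" tool exists.
if command -v security >/dev/null 2>&1; then audit_rights; fi
```

A right reported as "missing" is one the local authorization database does not define; "rule:allow" marks a right any user can obtain without authenticating.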