I need help with standard user elevation as user should be able to forget the Wi-Fi networks as they required. in my case if it asks for admin credentials to forget the network.
is there any privilege management feature in jamf?
Solved
As a standard user, unable to forget Wi-Fi network
+5Best answer by AJPinto
You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash
echo allowing everyone to write to network and wifi services
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow
+11good question, this is more then likely possible, by granting the rights with the security framework:
examples are as follows:
authorizationdb read right-name
authorizationdb write right-name [allow|deny|rulename]
authorizationdb remove right-name
Read/Modify authorization policy database. Without a rulename write will read a dictionary as a
plist from stdin.
Examples
security> security authorizationdb read system.privilege.admin > /tmp/aewp-def
Read definition of system.privilege.admin right.
security> security authorizationdb write system.preferences < /tmp/aewp-def
Set system.preferences to definition of system.privilege.admin right.
security> security authorizationdb write system.preferences authenticate-admin
Every change to preferences requires an Admin user to authenticate.
+26You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash
echo allowing everyone to write to network and wifi services
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow
+4You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash echo allowing everyone to write to network and wifi services /usr/bin/security authorizationdb write system.preferences.network allow /usr/bin/security authorizationdb write system.services.systemconfiguration.network allow /usr/bin/security authorizationdb write com.apple.wifi allow
I’m testing this with a couple of MacBook Airs running 26.2. I got it to deploy fine and it kind of works. It definitely allows a standard user to remove the wifi network, but not without asking for admin credentials. We’re able to cancel the admin request and the wifi network is removed, but the pop up is a little annoying. Thoughts?
+4You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash echo allowing everyone to write to network and wifi services /usr/bin/security authorizationdb write system.preferences.network allow /usr/bin/security authorizationdb write system.services.systemconfiguration.network allow /usr/bin/security authorizationdb write com.apple.wifi allow
I’m testing this with a couple of MacBook Airs running 26.2. I got it to deploy fine and it kind of works. It definitely allows a standard user to remove the wifi network, but not without asking for admin credentials. We’re able to cancel the admin request and the wifi network is removed, but the pop up is a little annoying. Thoughts?
Found another post saying the same thing...gonna try their solution of adding /usr/bin/security authorizationdb write system.preferences allow to the script.
+4Still having the same result if anyone has a thought. Admin box comes up, can be canceled and works, but still annoying.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.