I need help with standard user elevation as user should be able to forget the Wi-Fi networks as they required. in my case if it asks for admin credentials to forget the network.
is there any privilege management feature in jamf?
Solved
As a standard user, unable to forget Wi-Fi network
+5Best answer by AJPinto
You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash
echo allowing everyone to write to network and wifi services
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow
+11good question, this is more then likely possible, by granting the rights with the security framework:
examples are as follows:
authorizationdb read right-name
authorizationdb write right-name [allow|deny|rulename]
authorizationdb remove right-name
Read/Modify authorization policy database. Without a rulename write will read a dictionary as a
plist from stdin.
Examples
security> security authorizationdb read system.privilege.admin > /tmp/aewp-def
Read definition of system.privilege.admin right.
security> security authorizationdb write system.preferences < /tmp/aewp-def
Set system.preferences to definition of system.privilege.admin right.
security> security authorizationdb write system.preferences authenticate-admin
Every change to preferences requires an Admin user to authenticate.
+26You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash
echo allowing everyone to write to network and wifi services
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow
+4You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash echo allowing everyone to write to network and wifi services /usr/bin/security authorizationdb write system.preferences.network allow /usr/bin/security authorizationdb write system.services.systemconfiguration.network allow /usr/bin/security authorizationdb write com.apple.wifi allow
I’m testing this with a couple of MacBook Airs running 26.2. I got it to deploy fine and it kind of works. It definitely allows a standard user to remove the wifi network, but not without asking for admin credentials. We’re able to cancel the admin request and the wifi network is removed, but the pop up is a little annoying. Thoughts?
+4You need admin access to remove Wi-Fi networks as it impacts all users. Its dumb, but how Apple does things. Try giving everyone access to modify the items below and see if that helps.
#!/bin/bash echo allowing everyone to write to network and wifi services /usr/bin/security authorizationdb write system.preferences.network allow /usr/bin/security authorizationdb write system.services.systemconfiguration.network allow /usr/bin/security authorizationdb write com.apple.wifi allow
I’m testing this with a couple of MacBook Airs running 26.2. I got it to deploy fine and it kind of works. It definitely allows a standard user to remove the wifi network, but not without asking for admin credentials. We’re able to cancel the admin request and the wifi network is removed, but the pop up is a little annoying. Thoughts?
Found another post saying the same thing...gonna try their solution of adding /usr/bin/security authorizationdb write system.preferences allow to the script.
+4Still having the same result if anyone has a thought. Admin box comes up, can be canceled and works, but still annoying.
I have a script in a policy wicht our users can run from the SelfService. As Jamf runs these scripts as root there is no need for altering permissions:
#!/bin/zsh
#Coma separated list of persistent Networks (SSID1,SSID2,SSID3,...)
if [[ -n $4 ]] ; then
keepers=()
looper=$( echo $4 | awk -F ',' '{$1=$1} 1' )
for keep in $( echo $looper )
do
keepers+=$( echo $keep )
done
else
echo "Keepers not set."
exit 1
fi
#We use network locations, this is to make sure the user has selected on with WiFi enabled
language=$( sudo -u $3 defaults read -g AppleLanguages | grep -A1 "(" | grep -v "(" | awk -F '"' '{print $2}' )
current_location=$( networksetup -getcurrentlocation )
if [[ $current_location =~ "WiFi" ]] ; then
echo "Location seems to match, continuing now ..."
else
echo "Wrong network location."
if [[ $language == "de-DE" ]] ; then
osascript -e 'display dialog "Bitte zunächst auf Umgebung > WiFi < umstellen und dann erneut versuchen."'
DIALOG1RETURN=$?
else
osascript -e 'display dialog "Please switch to network location > WiFi < and run again."'
DIALOG1RETURN=$?
fi
echo $DIALOG1RETURN
exit 1
fi
#Welcoming the user to the workflow
if [[ $language == "de-DE" ]] ; then
osascript -e 'display dialog "Liste der bekannten WiFi-Netzwerke wird geladen. Bitte das zu entfernende auswählen und bestätigen."'
DIALOG2RETURN=$?
else
osascript -e 'display dialog "List of known WiFi-networks will be loaded. Please select the network to remove and commit."'
DIALOG2RETURN=$?
fi
if [[ $DIALOG2RETURN == "1" ]] ; then
echo "Aborted by user."
exit 0
fi
#Getting all knwon SSIDs
wireless=$( networksetup -listallhardwareports | grep -A 1 'Wi-Fi' | grep "Device" | awk -F ': ' '{print $2}' )
plainarray=()
searcharray=()
osaarray=()
networksetup -listpreferredwirelessnetworks "$wireless" | grep -v "Preferred networks on" | grep -vFf <(printf '%s\n' "${keepers[@]}") |
while read networkname ; do
listloaded="yes"
plainarray+=$( echo $networkname )
cleanedname=$( echo $networkname | sed "s/['\"]//g" )
searcharray+=$( echo $cleanedname )
osaarray+=$( echo '"'$cleanedname'",' )
done
#Displaying the SSIDs
if [[ $listloaded != "yes" ]] ; then
echo "No networks to remove."
networksetup -listpreferredwirelessnetworks "$wireless"
if [[ $language == "de-DE" ]] ; then
osascript -e 'display dialog "Keine Netzwerke zum Entfernen gefunden."'
else
osascript -e 'display dialog "No networks for removal found."'
fi
exit 0
fi
listsize=${#osaarray}
lastentry=$( echo $osaarray[$listsize] | sed 's/.$//' )
shift -p osaarray
osaarray+=$( echo $lastentry )
networklist=$( echo $osaarray )
selection=$( osascript -e "return choose from list {$networklist}" )
selectionindex=${searcharray[(Ie)$selection]}
plainname=$plainarray[$selectionindex]
echo 'User selected "'$plainname
if [[ $selectionindex == "0" ]] ; then
echo "ERROR. User selected: "$selection
if [[ $language == "de-DE" ]] ; then
osascript -e 'display dialog "Fehler bei der Auswahl des Netzwerks."'
else
osascript -e 'display dialog "Error selecting network."'
fi
exit 1
fi
#Removing the selected SSID
networksetup -removepreferredwirelessnetwork "$wireless" "$plainname"
REMOVESTATUS=$?
if [[ $REMOVESTATUS == "0" ]] ; then
if [[ $language == "de-DE" ]] ; then
osascript -e 'display dialog "Netzwerk '$plainname' erfolgreich entfernt."'
else
osascript -e 'display dialog "Network '$plainname' removed successfully."'
fi
else
if [[ $language == "de-DE" ]] ; then
osascript -e 'display dialog "Fehler beim Entfernen des Netzwerks '$plainname'."'
else
osascript -e 'display dialog "Error removing network '$plainname'."'
fi
echo "ERROR removing "$plainname
exit 1
fi
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.