My organization is looking to rely less on local admin accounts. We mainly use admin accounts that exist in our IdP (Okta) to perform any tasks that need hands-on elevated permissions. We do have a managed admin account set up with LAPS to rotate a password, but prefer to avoid that if possible.
The issue we run into is that if one of our admin accounts does not already exist on the machine, we cannot simply enter credentials if it needs elevated permissions. Is there a way, or has anyone made a script, to prompt the Jamf Connect login window if a user is already signed in? Something where this would create a user, similar to a Windows experience with a UAC prompt.