Skip to main content

Hi - so our organization is wanting to remove admin access to all users ( windows/mac); our macs are not joined to the domain - managed with JAMF and self service portal.  What is the best way to allow users the ability to temporally have admin rights on their mac and is there a white listing/approval option. I'm slowly taking over the JAMF/MAC responsibilities and just need some direction. I have been shown a script that can run in self service and also the priveleges.app but wanted feedback. On windows, I was used to a product called cyberarc in my previous role where we outlined whitelisted apps; but users could be given temporary access for specific functions/applications be either over ride or a code we would send. 

Hi @ckelley 

i found this one working pretty good, with some mods of course.

 

https://soundsnw.wordpress.com/2020/01/26/zsh-script-to-grant-standard-users-temporary-admin-rights/

Use the privileges app:

GitHub - SAP/macOS-enterprise-privileges: For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.  

You can also use a product called Beyond Trust. It's similar to CyberArk, but more user friendly. It even has built in Jamf support to make your job easier.

Terms & ConditionsCookie settingsAccessibility statement