Hi - so our organization is wanting to remove admin access to all users ( windows/mac); our macs are not joined to the domain - managed with JAMF and self service portal. What is the best way to allow users the ability to temporally have admin rights on their mac and is there a white listing/approval option. I'm slowly taking over the JAMF/MAC responsibilities and just need some direction. I have been shown a script that can run in self service and also the priveleges.app but wanted feedback. On windows, I was used to a product called cyberarc in my previous role where we outlined whitelisted apps; but users could be given temporary access for specific functions/applications be either over ride or a code we would send.
Question
Mac Admin removal - temporary grant/white list
+2
+4Hi @ckelley
i found this one working pretty good, with some mods of course.
https://soundsnw.wordpress.com/2020/01/26/zsh-script-to-grant-standard-users-temporary-admin-rights/
+14You can also use a product called Beyond Trust. It's similar to CyberArk, but more user friendly. It even has built in Jamf support to make your job easier.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.