Skip to main content

I came across a problem we have with Mavericks in reguards to the unlock of system preferences.
As our users are non admin users on there machines they can acess some system resources like Network settings without them.



After testing Mavericks we came across that this is not working any longer in the know way via the authorization file.
According to AFTP548.com it's using a DB now for this purpose.



But even with this solution provided here: http://www.afp548.com/2013/10/22/modifying-the-os-x-mavericks-authorization-database/ it's not working.



The error we get is: NO [-60005]



The clients has been upgraded from 10.8 to 10.9.
Any ideas about this?



Thanks for your help

Are you calling `security authorizationdb` as root or via sudo? Hard to diagnose when you don't show your work!

I think you need to have



security authorizationdb write system.preferences allow


before trying to unlock single PrefPanes.
After that you can do for example



security authorizationdb write system.preferences.datetime allow


to unlock Date&Time Prefs.



To unlock Network Prefs, you need



security authorizationdb write system.preferences.network allow

security authorizationdb write system.services.systemconfiguration.network allow

Thanks Chris.
After a reboot this works like charme.



Is there a source where I can find all system.preferences files that might be able to be unlocked?



Cheers,
Maik

Here's a list for Mountain Lion



http://www.dssw.co.uk/blog/2013/05/27/authbuddy-introducing-our-new-authorization-rights-tool-for-mac-os-x/

Thanks Chris.
Hope that some of them are still working in 10.9



Cheers,
Maik

Sorry to necro post, but Is there a way to enable only a certain piece of the networking Preference Pane? Specifically, the proxies section. My users are also not Admins but require to make changes to the proxy settings for testing. Is there any way to do this easily? A script was written to allow this via the command line, but unfortunately it only allows entry of 1 proxy at a time. A GUI solution would work the best. Any ideas?

pretty sure you cant have that level of granularity. i would suggest creating an application/script available via self service that prompts the user for the proxy servers and then writes that out using networksetup. using self service should allow the script/application to run with elevated privileges for non-admins

jrserapio said:
" Is there a way to enable only a certain piece of the networking Preference Pane? Specifically, the proxies section"



I've used Locations for that purpose in the past. The only difference between each Location is the proxy entry. Quick & easy to flip between proxies and can also be scripted with networksetup.

Hi Chris can you please help me in unlocking the sharing panel in system preference "security authorizationdb write system.preferences.sharing allow" didn't work.

Thanks for the replies.
Calum - That is a good idea. I will see if i can get something like that going. Basically the userbase is Developers who dont have admin rights.
gchallis - Thanks for the response, but i would need to have an overwhelming amount of different locations to meet their needs going that route. The users change their proxies constantly for testing, which makes it a bit more difficult.

Terms & ConditionsCookie settings