Help

Pointless administrator prompt when forgetting wifi settings?

Go to solution
johntgeck
Contributor

a month ago

Hello,

 

Experiencing a strange issue and was wondering if the community have seen this before.

We run our users as Standard users, no admin access.

We use a script to enable certain permissions, including printer management and wifi management.

On a standard user account on a 2020 macbook pro, having run the following terminal commands as part of a script:

/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow

I am now able to "Forget" SSIDs, but it still prompts me for administrator username and password. Weirdly, you can see that it forgets the network regardless of whether I hit Cancel or put in local admin creds.

Is this just a weird glitch that we'll have to deal with telling users "Just hit cancel", or is there something else I can do to fix this?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
johntgeck
Contributor

4 weeks ago

I figured it out! Shoutout to the macadmin slack.

/usr/bin/security authorizationdb write system.preferences allow

This gives the user the broader authority to make the changes in System Preferences that we allow. YMMV of course but we generally allow our staff users full access to things that aren't security- or compliance-mandated and locked down with a profile. Use with caution.

View solution in original post

0 Kudos
Reply
5 REPLIES 5

Go to solution
AJPinto
Esteemed Contributor

a month ago

We do not do this ourselves, we have a EPM tool that handles permissions escalation. However, I could see apple not thinking of this workflow when designing the experience. I suggest submitting a feedback request with Apple if you have not done so already.

Reply

Go to solution
johntgeck
Contributor

a month ago

Can I ask what tool you're using?

0 Kudos
Reply

Go to solution
AJPinto
Esteemed Contributor
In response to johntgeck

a month ago

Currently CyberArk EPM. 

Reply

Go to solution
johntgeck
Contributor
In response to AJPinto

a month ago

Thanks for the rec. At least it's something I can explore. I did submit an Apple Feedback Request btw

0 Kudos
Reply

Go to solution
johntgeck
Contributor

4 weeks ago

I figured it out! Shoutout to the macadmin slack.

/usr/bin/security authorizationdb write system.preferences allow

This gives the user the broader authority to make the changes in System Preferences that we allow. YMMV of course but we generally allow our staff users full access to things that aren't security- or compliance-mandated and locked down with a profile. Use with caution.

0 Kudos
Reply