Help

Privilege Elevation incorrectly flagging timetampering

Ryan_A_GDX
New Contributor III

Posted on ‎04-24-2024 09:00 AM

I am in the process of testing the privilege elevation feature in Jamf Connect 2.34.0. Everything seems to be working well, except I am noticing that after a period of time if I attempt to elevate nothing happens. If I run the command :

sudo defaults delete com.jamf.connect.state TimeTamperingDetected

I am able to elevate again. So it appears something is incorrectly triggering the timetamperingdetected and preventing me from elevating again. The configuration is set to 40 elevations/month for my testing, but I'm wondering if there is an issue with this setting and I should just remove it entirely? 

Has anyone else had any issues with this?

0 Kudos
Reply
1 REPLY 1

CraftyCilantro5
New Contributor III

Posted on ‎05-17-2024 07:58 AM

We've just started to use privilege elevation feature as well. Through different iterations of settings, we went from no limit to 100 back to no limit, with a duration of 90 minutes. We notice this happens more frequently when the machines fall asleep during those 90 minutes.

 

That being said, we are now experiencing the same issue of time tampering. I've now placed a policy payload files and processes to execute command

sudo defaults delete com.jamf.connect.state TimeTamperingDetected

 Until we can figure out a better solution, I'm thinking we keep the limit back to some high number.

Reply