Help

Privilege Escalation issues not deploying properly; Jamf Connect 2.39.0

stiv_mcfadden
New Contributor

Posted on ‎10-10-2024 11:35 AM

Hello everyone.  I am testing Privilege Escalation for the first time with JC; 2.39.0.  I want to do a very basic any user can escalate for 30 minutes with no password needed, just need to select a reason.  The profile is deploying to the test workstation however the Request escalation is not appearing.  Here are the necessary snippets.  Any assistance you can give will be greatly appreciated.

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Appearance</key>
<dict>
<key>AlternateBranding</key>
<true/>
<key>MenubarIcon</key>
<string>/usr/local/jamfconnect/cdi-LM@1x.png</string>
<key>MenubarIconDark</key>
<string>/usr/local/jamfconnect/cdi-DM@1x.png</string>
<key>ShowWelcomeWindow</key>
<false/>
</dict>
<key>CustomMenuItems</key>
<dict>
<key>connect</key>
<string>Okta Dashboard</string>
<key>gethelp</key>
<string>CDI Service Desk</string>
<key>getsoftware</key>
<string>MacBook Self Service</string>
</dict>
<key>HiddenMenuItems</key>
<array>
<string>actions</string>
<string>home</string>
<string>passwordexpiration</string>
<string>preferences</string>
<string>resetpassword</string>
<string>shares</string>
<string>quit</string>
</array>
<key>IdPSettings</key>
<dict>
<key>OktaAuthServer</key>
<string>cdi.okta.com</string>
<key>Provider</key>
<string>Okta</string>
</dict>
<key>PasswordPolicies</key>
<dict>
<key>PolicyRequirements</key>
<dict/>
</dict>
<key>SignIn</key>
<dict>
<key>AutoAuthenticate</key>
<true/>
</dict>
<key>UserHelp</key>
<dict>
<key>HelpOptions</key>
<string>https://chdn-amc.ivanticloud.com/</string>
<key>HelpType</key>
<string>URL</string>
</dict>
<dict>
<key>TemporaryUserPermissions</key>
<key>TemporaryUserPromotion</key>
<true/>
<key>URLCommandLineElevation</key>
<true/>
<key>UserPromotionTimer</key>
<true/>
<key>UserPromotionDuration</key>
<integer>30</integer>
<key>UserPromotionReason</key>
<true/>
<key>UserPromotionChoices</key>
<array>
<string>OS Update</string>
<string>Software Install</string>
<string>Development</string>
<string>Settings Change</string>
</array>
</dict>

</dict>
</plist>

 

Screenshot 2024-10-10 at 1.23.54 PM.png

0 Kudos
Reply
1 REPLY 1

sharriston
Contributor III

Posted on ‎10-14-2024 07:16 AM

It appears you are missing <dict> </dict> around the user promotion options. Here is how my snippet looks:

<key>TemporaryUserPermissions</key>
	<dict>
		<key>TemporaryUserPromotion</key>
		<true/>
                <key>URLCommandLineElevation</key>
		<true/>
		<key>UserPromotionTimer</key>
		<true/>
                <key>VerifyUserPromotion</key>
		<false/>
                <key>UserPromotionReason</key>
		<false/>
		<key>UserPromotionChoices</key>
		<array>
		 <string>Install Software</string>
		 <string>Change System Settings</string>
		 <string>Use Terminal</string>
		</array>
	</dict>
0 Kudos
Reply