Question

Privilege Escalation issues not deploying properly; Jamf Connect 2.39.0

9 months ago
October 10, 2024
1 reply
2 views

stiv_mcfadden

Hello everyone. I am testing Privilege Escalation for the first time with JC; 2.39.0. I want to do a very basic any user can escalate for 30 minutes with no password needed, just need to select a reason. The profile is deploying to the test workstation however the Request escalation is not appearing. Here are the necessary snippets. Any assistance you can give will be greatly appreciated.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Appearance</key>
<dict>
<key>AlternateBranding</key>
<true/>
<key>MenubarIcon</key>
<string>/usr/local/jamfconnect/cdi-LM@1x.png</string>
<key>MenubarIconDark</key>
<string>/usr/local/jamfconnect/cdi-DM@1x.png</string>
<key>ShowWelcomeWindow</key>
<false/>
</dict>
<key>CustomMenuItems</key>
<dict>
<key>connect</key>
<string>Okta Dashboard</string>
<key>gethelp</key>
<string>CDI Service Desk</string>
<key>getsoftware</key>
<string>MacBook Self Service</string>
</dict>
<key>HiddenMenuItems</key>
<array>
<string>actions</string>
<string>home</string>
<string>passwordexpiration</string>
<string>preferences</string>
<string>resetpassword</string>
<string>shares</string>
<string>quit</string>
</array>
<key>IdPSettings</key>
<dict>
<key>OktaAuthServer</key>
<string>cdi.okta.com</string>
<key>Provider</key>
<string>Okta</string>
</dict>
<key>PasswordPolicies</key>
<dict>
<key>PolicyRequirements</key>
<dict/>
</dict>
<key>SignIn</key>
<dict>
<key>AutoAuthenticate</key>
<true/>
</dict>
<key>UserHelp</key>
<dict>
<key>HelpOptions</key>
<string>https://chdn-amc.ivanticloud.com/</string>
<key>HelpType</key>
<string>URL</string>
</dict>
<dict>
<key>TemporaryUserPermissions</key>
<key>TemporaryUserPromotion</key>
<true/>
<key>URLCommandLineElevation</key>
<true/>
<key>UserPromotionTimer</key>
<true/>
<key>UserPromotionDuration</key>
<integer>30</integer>
<key>UserPromotionReason</key>
<true/>
<key>UserPromotionChoices</key>
<array>
<string>OS Update</string>
<string>Software Install</string>
<string>Development</string>
<string>Settings Change</string>
</array>
</dict>

</dict>
</plist>

sharriston
Valued Contributor
146 replies
9 months ago
October 14, 2024

It appears you are missing <dict> </dict> around the user promotion options. Here is how my snippet looks:

<key>TemporaryUserPermissions</key>
	<dict>
		<key>TemporaryUserPromotion</key>
		<true/>
                <key>URLCommandLineElevation</key>
		<true/>
		<key>UserPromotionTimer</key>
		<true/>
                <key>VerifyUserPromotion</key>
		<false/>
                <key>UserPromotionReason</key>
		<false/>
		<key>UserPromotionChoices</key>
		<array>
		 <string>Install Software</string>
		 <string>Change System Settings</string>
		 <string>Use Terminal</string>
		</array>
	</dict>

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

Disable copy/paste command from Touch Baricon

enrollment not working after testing unload/load of login windowicon

NetBoot issuesicon

Adding web links with icons to the dockicon

Disabling Safari Pop-up through script - user/permission problem?icon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings