Add Wifi Networks without Admin Privileges

Chuey
Contributor III

Hello,

Currently our staff have admin privileges on our Mac OS X Machines. We would like to take this away and make them a standard user. The only thing preventing us from doing so is adding Wifi Networks either at work or home.

Does anyone know a way we can give permission to add wifi networks to a standard user without admin privileges? Any help is much appreciated. We are typically a OS X 10.10.X or 10.11.X environment.

Thanks in advance

2 ACCEPTED SOLUTIONS

AVmcclint
Valued Contributor III

They should be able to do this by default. All our users are non-admins and they connect to other wifi networks all the time. Open hotspots as well as those requiring passwords. The one thing that DOES require admin rights is to delete unwanted SSIDs from the list.

View solution in original post

Chuey
Contributor III

Thanks @AVmcclint you're right. Under System Prefs > Network > Advanced > there are 3 options to either require admin privileges or not which is disabled by default.

1cbd925882fe4382bfb7008d113a800f

We found how to toggle these settings with this command and depending on the model of Macbook you use it may be en0 or en1:

/usr/libexec/airportd en0 prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=Yes RequireAdminPowerToggle=Yes

YES will require admin and NO will not require admin.

Thanks for helping clarify this and hopefully this will help anyone else out there who wants to enable/disable people from changing their wifi network.

View solution in original post

8 REPLIES 8

bpavlov
Honored Contributor

This is a little bit more than you asked for but here you go:

Set access to System Preferences Panes
/usr/bin/security authorizationdb write system.preferences allow

For date/time

/usr/bin/security authorizationdb write system.preferences.datetime allow

For networking

/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow

For printing

/usr/bin/security authorizationdb write system.preferences.printing allow
/usr/bin/security authorizationdb write system.print.operator allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a 'Domain Users' -t group lpadmin

AVmcclint
Valued Contributor III

They should be able to do this by default. All our users are non-admins and they connect to other wifi networks all the time. Open hotspots as well as those requiring passwords. The one thing that DOES require admin rights is to delete unwanted SSIDs from the list.

View solution in original post

Chuey
Contributor III

Thanks @AVmcclint you're right. Under System Prefs > Network > Advanced > there are 3 options to either require admin privileges or not which is disabled by default.

1cbd925882fe4382bfb7008d113a800f

We found how to toggle these settings with this command and depending on the model of Macbook you use it may be en0 or en1:

/usr/libexec/airportd en0 prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=Yes RequireAdminPowerToggle=Yes

YES will require admin and NO will not require admin.

Thanks for helping clarify this and hopefully this will help anyone else out there who wants to enable/disable people from changing their wifi network.

View solution in original post

agakhan_admin
New Contributor II

HI AVmcclint

I am aware that this is old blog , but when I pushed the scripts on my user MacBook through Jamf, They can access network options easily but , as you mentioned, that Removing Unwanted SSID's prompts admin password. I can delete them but it still prompts. Do you know how to remove that option from coming? Although when I ignore the prompt by clicking cancel, the SSID is though removed but it is little un convenient to have the prompt

LeFLO
New Contributor

@agakhan_admin did you find a solution ? With Big Sur, I've the same issue.
Regards

Franck

agakhan_admin
New Contributor II

@LeFLO Hi There - No, haven't found.

G_M__webkfoe_
New Contributor III

On Big Sure we can't go into the "Advanced" option of the Network preferences and make any edit (like trying to enable/disable the autojoin on any wifi), as as soon as you hit the "OK" button you get prompted for admin credentials.

 

Anyone having a solution to this..?

G_M__webkfoe_
New Contributor III

Thanks to @LM from the MacAdmins slack channel I've been able to find a solution.

 

adding the following piece of code will do the trick:

 

sudo security authorizationdb write com.apple.wifi allow

 

BUT, unfortunately you will have to re-apply it every time the device is restarted.

The easiest way for those who are not willing to create "special" automations, would be to create a policy which will run with an ongoing frequency, at every startup trigger, making sure to make the policy available offline (cache it).