Posted on 03-20-2019 09:51 AM
Still learning Jamf so it's probably been asked before, but I can't seem to find it here. Is there a way to have a policy that requires admin credentials to be installed? I assume to be pushed with the credentials somehow embedded? A script? I have some security software that is required on all macs, but needs elevated rights to install. If a standard user is enrolling remotely, they won't be able install this software and ultimately won't have internet access. The software is Zscaler. Thanks.
Posted on 03-20-2019 10:04 AM
I am assuming that the policy is coming from Jamf or it would be an odd place to ask the question. Under that assumption, the policy runs as root, not the user. Even if the user was to use Self Service, the jamf policy command is still run as root.
Posted on 03-20-2019 10:14 AM
^^^
Posted on 03-20-2019 10:31 AM
Thank you rob. Still learning this stuff. Why would I still be getting a prompt for credentials then when its trying to get installed? I must have done something wrong when creating the policy?
Posted on 03-20-2019 11:16 AM
My guess is that the installer is an application vs an Apple installer or even an application that has an Apple Installer wrapped around it. Basically, companies that make installers are generally not that great.
The easy way to see if it is the installer being silly is to do this assuming it is a .pkg or .mpkg
Open Terminal and enter
sudo installer -pkg <path to package> -target /
For the <path to package> there are no brackets and I would just drag package to Terminal so that it fills in the path.
If the current user is not an admin on the box, then prior to the above do
su <administrator account name>
I hope that helps some
Posted on 03-22-2019 10:17 AM
Looking at this page (https://help.zscaler.com/z-app/customizing-zscaler-app-install-options-macos) I would stash the zscaler install app in an accessible location on the user's device (like /Users/shared or /tmp) and then execute the suggested terminal command as either part of the policy (look for "Execute command" in the "Files and Processes" section when creating a policy) or you could re-package the installer and include the command in a post-install script.