Skip to main content
Question

Adding new network interfaces without giving users admin rights

  • April 8, 2016
  • 2 replies
  • 27 views
B
Forum|alt.badge.img+26

So I'll preface this by noting I'm taking the "lazy" approach to a problem.

We have provided MacBook Airs to all of our teaching staff at two schools. We also have them Thunderbolt 2 Express docking stations with Ethernet Adapters.

All seems to work well provided the teachers use the same dock they are issued. Problem is when they switch rooms. El Cap sees a dock in a different room as a new network interface and promptly asks for admin password.

Simple question is this...how do I cede the rights to add new network interfaces to a given AD group on a local MacBook.

It probably involves using the 'security' command and editing the authorization database. Any advice on which keys, strings, or help with the command syntax is highly sought after. I can't cede admin rights themselves, but I'm open to any creative solution that might hit the problem hard.

Thank you in advance,
Blackholemac

    2 replies

    H
    Forum|alt.badge.img+16
    • hkabik
    • Honored Contributor
    • April 9, 2016
    #!/bin/sh

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.network allow

    That will give them admin access to the Network System Preference Pane.

    J
    Forum|alt.badge.img+3
    • Jaxson75
    • New Contributor
    • May 11, 2016

    How about remove it after the user did what was needed, or can this be scripted with a self removal of the rights?

    Terms & ConditionsCookie settingsAccessibility statement