Adding new network interfaces without giving users admin rights

blackholemac
Valued Contributor III

So I'll preface this by noting I'm taking the "lazy" approach to a problem.

We have provided MacBook Airs to all of our teaching staff at two schools. We also have them Thunderbolt 2 Express docking stations with Ethernet Adapters.

All seems to work well provided the teachers use the same dock they are issued. Problem is when they switch rooms. El Cap sees a dock in a different room as a new network interface and promptly asks for admin password.

Simple question is this...how do I cede the rights to add new network interfaces to a given AD group on a local MacBook.

It probably involves using the 'security' command and editing the authorization database. Any advice on which keys, strings, or help with the command syntax is highly sought after. I can't cede admin rights themselves, but I'm open to any creative solution that might hit the problem hard.

Thank you in advance,
Blackholemac

2 REPLIES 2

hkabik
Valued Contributor
#!/bin/sh

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.network allow

That will give them admin access to the Network System Preference Pane.

Jaxson75
New Contributor II

How about remove it after the user did what was needed, or can this be scripted with a self removal of the rights?