Help

Adding new network interfaces without giving users admin rights

blackholemac
Valued Contributor III

Posted on ‎04-08-2016 03:12 PM

So I'll preface this by noting I'm taking the "lazy" approach to a problem.

We have provided MacBook Airs to all of our teaching staff at two schools. We also have them Thunderbolt 2 Express docking stations with Ethernet Adapters.

All seems to work well provided the teachers use the same dock they are issued. Problem is when they switch rooms. El Cap sees a dock in a different room as a new network interface and promptly asks for admin password.

Simple question is this...how do I cede the rights to add new network interfaces to a given AD group on a local MacBook.

It probably involves using the 'security' command and editing the authorization database. Any advice on which keys, strings, or help with the command syntax is highly sought after. I can't cede admin rights themselves, but I'm open to any creative solution that might hit the problem hard.

Thank you in advance,
Blackholemac

0 Kudos
Reply
2 REPLIES 2

hkabik
Valued Contributor

Posted on ‎04-08-2016 05:18 PM 

#!/bin/sh

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.network allow

That will give them admin access to the Network System Preference Pane.

0 Kudos
Reply

Jaxson75
New Contributor II

Posted on ‎05-11-2016 02:14 PM

How about remove it after the user did what was needed, or can this be scripted with a self removal of the rights?

0 Kudos
Reply