Posted on 09-09-2014 06:05 AM
In the AD client, I have a AD group in the "Allow Administration By" field under the Administrative tab.
When a network user logs in, the get an account just fine. It even says "Administrator" in the user list in Sys Prefs. However, when they try to use their username/password to authenticate as an admin to install something, OSX says they don't have rights.
These are 10.9.4 clients so far. Any other way to easily give users admin rights?
Posted on 09-09-2014 06:23 AM
Yes there is a script that you can run to make the user an Admin.
#!/bin/bash
#
####################################################################################################
#
# Copyright (c) 2013, JOHN KITZMILLER. All rights reserved.
#
# THIS SOFTWARE IS PROVIDED BY JOHN KITZMILLER "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL JOHN KITZMILLER BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
# This program is distributed "as is" by John Kitzmiller. For more
# information or support for this script, please visit kitzy.org.
#
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# makeAdminUser.sh
#
####################################################################################################
#
# HISTORY
#
# Version: 1.0
#
# - Created by John Kitzmiller
#
####################################################################################################
# Check to make sure $3 is set properly by the JSS, if not, set the current username manually
# This is a workaround for D-005003 (resolved in 9.01)
if [ -z $3 ];
then
currentUser=`stat -f '%Su' /dev/console`
else
currentUser=$3
fi
# Add the current user to the local admin group on the Mac
dseditgroup -o edit -a $currentUser -t user admin
if [ "$?" == "0" ];
then
echo "Successfully added $currentUser to admin group"
else
echo "ERROR: Unable to add $currentUser to admin group"
exit 1
fi
exit 0
Posted on 10-02-2014 08:13 AM
Is there a way to make this script check the JSS for the assigned user and only grant admin rights to that account?
Posted on 10-02-2014 08:17 AM
Given the right motivation, and talent anything is possible.