Posted on 02-12-2019 05:06 AM
Is it possible to grant local admin rights for a remote user? We are doing local accounts but this user is remote and needs Admin rights.
Posted on 02-12-2019 05:29 AM
@FloridaChris Take a look at this. Assuming you know who's remote and who is not, this can be easily resolved.
Posted on 02-12-2019 05:06 PM
+1 @ - @mack525 is spot on. That 110% works, but if you are not familiar with Python and if you are familiar with shell, here is a shell script that was shared with me. It's not perfect; you will need to customize it for checks when logging off, shutting down, etc., because if the user shuts the computer down while the script is running, they can stay perm administrator. Again, it is flawed, but if you know shell and can set it up for your environment how you see fit, it works wonders. Hopefully some other users can chime in on alternative solutions, or better yet, a more polished solution.
#!/bin/bash
# Get username of current logged in user
# This method breaks if you allow multiple accounts logged in.
USERNAME=$(who | grep console | awk '{print $1}')
# Check whether that user is already in the local admin group
membership=$(dsmemberutil checkmembership -U "$USERNAME" -G admin)
if [ "$membership" == "user is not a member of the group" ]; then
    # at jobs only run while the atrun daemon is loaded
    if ! launchctl list | grep -q com.apple.atrun; then
        launchctl load -w /System/Library/LaunchDaemons/com.apple.atrun.plist
    fi
    # Promote the user, then queue the demotion for five minutes from now
    /usr/sbin/dseditgroup -o edit -a "$USERNAME" -t user admin
    echo "/usr/sbin/dseditgroup -o edit -d $USERNAME -t user admin" | at now +5 minutes &>/dev/null
    # Paths that contain spaces must be quoted
    "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType hud -description "$USERNAME has been granted Administrative rights for 5 minutes." -title "Administrative rights" -button1 "OK" -icon "/Library/User Pictures/Animals/Eagle.tif" -timeout 3 &>/dev/null
fi
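The post above warns that a shutdown during the five-minute window can leave the user an administrator. One way to close that gap, as an added example that is not part of any post in this thread: record each grant's expiry in a ledger before promoting the user, and have a root-run sweep revoke anything past its expiry. The ledger path, the function names and the `--sweep` argument are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example (not from the thread): expiry ledger for temporary admin grants.
# Assumed ledger format: one "username expiry_epoch" pair per line.
LEDGER="${LEDGER:-/private/var/db/tempadmin.ledger}"   # hypothetical path

# Revoke action: the same dseditgroup call the posted script hands to at.
revoke_admin() {
    /usr/sbin/dseditgroup -o edit -d "$1" -t user admin
}

# record_grant USER MINUTES [NOW_EPOCH]
# Call this BEFORE adding the user to admin, so a crash or shutdown between
# the two steps can never leave a grant that has no recorded expiry.
record_grant() {
    local user="$1" minutes="$2" now="${3:-$(date +%s)}"
    echo "$user $((now + minutes * 60))" >> "$LEDGER"
}

# sweep_expired [NOW_EPOCH]
# Revokes every grant whose expiry has passed and prints the revoked names.
# Unexpired grants, and grants whose revoke failed, stay in the ledger.
sweep_expired() {
    local now="${1:-$(date +%s)}" keep user expiry
    [ -f "$LEDGER" ] || return 0
    keep=$(mktemp) || return 1
    while read -r user expiry; do
        # Skip malformed lines: the ledger feeds a root-run command.
        case "$user" in ''|*[!A-Za-z0-9._-]*) continue ;; esac
        case "$expiry" in ''|*[!0-9]*) continue ;; esac
        if [ "$expiry" -le "$now" ] && revoke_admin "$user" >/dev/null 2>&1; then
            echo "$user"
        else
            echo "$user $expiry" >> "$keep"
        fi
    done < "$LEDGER"
    mv "$keep" "$LEDGER"
}

# Assumed deployment: a root LaunchDaemon or a recurring Jamf policy runs
# this file with --sweep at startup and on a short interval.
if [ "${1:-}" = "--sweep" ]; then
    sweep_expired
fi
```

The ledger must be writable by root only, since anyone who can edit it can extend their own grant.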
Posted on 02-13-2019 06:11 AM
If it's a one-off user you're trying to add remote admin rights to, create a policy with a 'files and processes' payload of:
sudo dscl . -append /Groups/admin GroupMembership USERNAME
and target it to their machine for either self service or once off checkin.
In general though, one of the above mentioned solutions is going to be more complete.