Allow Standard User to remove Wi-Fi networks with prompt

DouglasWard-IA
New Contributor III

We set our users to be Standard users on their Macs, and which prevents them from being able to delete Wi-Fi SSIDs. Sometimes, we've needed to allow them to do so, so we have a script in Self Service that will delete a known SSID when run.

#!/bin/sh

## Get the wireless port ID
WirelessPort=$(networksetup -listallhardwareports | awk '/Wi-Fi|AirPort/{getline; print $NF}')

## Run a SSID removal if its present
networksetup -removepreferredwirelessnetwork $WirelessPort "NAMEOFTHESSID" 2>/dev/null

But we've run into a situation where a work-from-home user wants to delete an SSID from their home network, etc. I was wondering if there's a way to a have a script that would allow the user to choose from existing "preferred wireless networks" SSIDs and choose which one to delete? That way, we could just have one "Remove Wi-Fi Networks" item in Self Service, and users could remove whichever one they want.

1 ACCEPTED SOLUTION

stevewood
Honored Contributor II
Honored Contributor II

You can actually allow standard users to edit the wi-fi list themselves without using Self Service. If you make a change to the authorizationdb using the security binary, they can delete SSIDs themselves. These are the commands:

/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow

/usr/bin/security authorizationdb write com.apple.wifi allow

This was provided in this JN post:

https://community.jamf.com/t5/jamf-pro/changing-preferred-wifi-networks-without-admin-rights/m-p/139...

 

 

 

View solution in original post

2 REPLIES 2

stevewood
Honored Contributor II
Honored Contributor II

You can actually allow standard users to edit the wi-fi list themselves without using Self Service. If you make a change to the authorizationdb using the security binary, they can delete SSIDs themselves. These are the commands:

/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow

/usr/bin/security authorizationdb write com.apple.wifi allow

This was provided in this JN post:

https://community.jamf.com/t5/jamf-pro/changing-preferred-wifi-networks-without-admin-rights/m-p/139...

 

 

 

DouglasWard-IA
New Contributor III

Steve, that almost works: it unlocks the networking pane, but it seems it still requires admin credentials to remove the Wi-Fi network. A Self Service script with a prompt/dropdown list would be run as an admin through Jamf. It does work, needed the 

/usr/bin/security authorizationdb write com.apple.wifi allow

line. Thanks!