Jamf Nation Community

DouglasWard-IA · ‎09-13-2022

We set our users to be Standard users on their Macs, and which prevents them from being able to delete Wi-Fi SSIDs. Sometimes, we've needed to allow them to do so, so we have a script in Self Service that will delete a known SSID when run.

#!/bin/sh

## Get the wireless port ID
WirelessPort=$(networksetup -listallhardwareports | awk '/Wi-Fi|AirPort/{getline; print $NF}')

## Run a SSID removal if its present
networksetup -removepreferredwirelessnetwork $WirelessPort "NAMEOFTHESSID" 2>/dev/null

But we've run into a situation where a work-from-home user wants to delete an SSID from their home network, etc. I was wondering if there's a way to a have a script that would allow the user to choose from existing "preferred wireless networks" SSIDs and choose which one to delete? That way, we could just have one "Remove Wi-Fi Networks" item in Self Service, and users could remove whichever one they want.

stevewood · ‎09-13-2022

You can actually allow standard users to edit the wi-fi list themselves without using Self Service. If you make a change to the authorizationdb using the security binary, they can delete SSIDs themselves. These are the commands:

/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow

/usr/bin/security authorizationdb write com.apple.wifi allow

This was provided in this JN post:

https://community.jamf.com/t5/jamf-pro/changing-preferred-wifi-networks-without-admin-rights/m-p/139...

View solution in original post

stevewood · ‎09-13-2022

You can actually allow standard users to edit the wi-fi list themselves without using Self Service. If you make a change to the authorizationdb using the security binary, they can delete SSIDs themselves. These are the commands:

/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow

/usr/bin/security authorizationdb write com.apple.wifi allow

This was provided in this JN post:

https://community.jamf.com/t5/jamf-pro/changing-preferred-wifi-networks-without-admin-rights/m-p/139...

JayKay27 · ‎02-07-2023

Thanks for this. Do you know how to reverse this? Just change everything from allow to deny?

DouglasWard-IA · ‎09-13-2022

Steve, that almost works: it unlocks the networking pane, but it seems it still requires admin credentials to remove the Wi-Fi network. A Self Service script with a prompt/dropdown list would be run as an admin through Jamf. It does work, needed the

/usr/bin/security authorizationdb write com.apple.wifi allow

line. Thanks!

markanderson · ‎10-26-2022

Steps to "Allow Standard User to remove Wi-Fi networks with prompt"

(i). Click the Start button. in the bottom left corner of the screen.
(ii). Type "network and" and select Network and Sharing Center from the search result.
(iii). Select Manage wireless networks.
(iv). Select the Wi-Fi profile you want to delete then select the Remove button.
(v). Select Yes to confirm.

Joostvantwout · Friday

Anyone has a solution for MacOS Ventura? After I I performed below users are able to delete WiFi networks but they still get a prompt to fill in admin credentials. (Which is not required to remove the wifi network)

/usr/bin/security authorizationdb write system.preferences.network allow

/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow

/usr/bin/security authorizationdb write com.apple.wifi allow