Posted on 10-03-2023 06:16 AM
I'd like to find a way to allow users to change the following things, either without a password or using their own, instead of needing admin rights.
Does anybody know a good way to do this? I wish the config profiles were a bit more like GPOs in this regard because I suspect I need a script instead of a checkbox.
Posted on 10-03-2023 06:27 AM
This sort of thing can be achieved by manipulating the SQL database stored at:
/var/db/auth.db
However, this is not the recommended way to do this. The proper and supported way is to use the security authorization command and switches.
Hope that helps.
M
Posted on 10-03-2023 06:30 AM
@mschlosser wrote: The proper and supported way is to use the security authorization command and switches.
Can you expand on this? Or do you just mean using admin credentials when clicking the padlock on the settings pages?
Posted on 10-03-2023 06:38 AM
More info is available here:
Also, man security is a decent read in Terminal.
Posted on 10-12-2023 08:52 AM
I've got a script going, but at least in Sonoma and Ventura, none of it seems to be taking effect. Anything I'm missing here, or are things just broken in the newer OSes?
#!/bin/sh
# System preferences panes
# authenticate-session-owner-or-admin: the logged-in user or an admin authenticates; allow: always granted
security authorizationdb write system.preferences.network authenticate-session-owner-or-admin
security authorizationdb write system.preferences.accessibility authenticate-session-owner-or-admin
security authorizationdb write system.preferences.energysaver allow
security authorizationdb write system.preferences.printing allow
security authorizationdb write system.preferences.datetime authenticate-session-owner-or-admin
# Printing
security authorizationdb write system.printingmanager allow
security authorizationdb write system.print.admin allow
security authorizationdb write system.print.operator allow
# Potential forced restart and shutdown if other users are logged in
security authorizationdb write system.restart allow
security authorizationdb write system.shutdown allow
exit 0
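To check whether writes like those in the script above actually landed, each right can be read back and compared with the rule that was requested. This is an added example, not part of the original thread; parse_right, check_right and the two sample plists are constructed for illustration and assume the XML plist layout that security authorizationdb read prints.

```shell
#!/bin/sh
# Added example: confirm which rule an authorization right resolves to.

# parse_right: read the XML plist that `security authorizationdb read <right>`
# prints (stdin) and emit "class=<class> rule=<names>"; "-" means absent.
parse_right() {
    awk '
        /<key>/ { key = $0; sub(/.*<key>/, "", key); sub(/<\/key>.*/, "", key); next }
        /<string>/ {
            val = $0; sub(/.*<string>/, "", val); sub(/<\/string>.*/, "", val)
            if (key == "class") class = val
            else if (key == "rule") rules = (rules == "" ? val : rules "," val)
        }
        END { printf "class=%s rule=%s\n", (class == "" ? "-" : class), (rules == "" ? "-" : rules) }'
}

# check_right <right> <expected-rule>: plist on stdin; succeeds only when the
# right is class "rule" and points at exactly the expected rule name.
check_right() {
    state=$(parse_right)
    if [ "$state" = "class=rule rule=$2" ]; then
        echo "OK       $1 ($state)"
    else
        echo "MISMATCH $1: wanted rule=$2, found $state"; return 1
    fi
}

# Constructed sample: a right after a successful write of a rule name.
sample_written() {
    printf '%s\n' '<dict>' ' <key>class</key>' ' <string>rule</string>' \
        ' <key>rule</key>' ' <array>' \
        '  <string>authenticate-session-owner-or-admin</string>' ' </array>' '</dict>'
}
# Constructed sample: a right still gated on membership of the admin group.
sample_default() {
    printf '%s\n' '<dict>' ' <key>class</key>' ' <string>user</string>' \
        ' <key>group</key>' ' <string>admin</string>' '</dict>'
}

# On a Mac, audit two of the rights from the script above (stderr status is discarded).
if command -v security >/dev/null 2>&1; then
    while read -r right want; do
        security authorizationdb read "$right" 2>/dev/null </dev/null |
            check_right "$right" "$want"
    done <<'EOF'
system.preferences.network authenticate-session-owner-or-admin
system.preferences.energysaver allow
EOF
fi
```

A MISMATCH line for a right that was just written shows the database entry itself did not change, which separates a failed write from a pane that ignores the right.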
Posted on 10-03-2023 07:07 AM
I'm using something like this
/usr/bin/security authorizationdb write system.preferences.network allow