Help

Allow Standard users to change Network, Power/Battery, Privacy/Security, and Printing settings?

Go to solution
dungeonadept
New Contributor III

Posted on ‎10-03-2023 06:16 AM

I'd like to find a way to allow users to change the following things, either without a password or using their own, instead of needing admin rights.

  • Power settings, like how long before turning off the display on battery or power adapter
  • Network settings, like changing wi-fi networks Auto-Join setting
  • Printing settings, like updating Options and Supplies (this only started asking for an admin password since I think Ventura)
  • Privacy and Security, like adding an app to Accessibility.

Does anybody know a good way to do this? I wish the config profiles were a bit more like GPOs in this regard because I suspect I need a script instead of a checkbox.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mschlosser
Contributor
In response to dungeonadept

Posted on ‎10-03-2023 06:38 AM

more info is available here:

https://scriptingosx.com/2018/05/demystifying-root-on-macos-part-4-the-authorization-database/#:~:te...

 

Also man security is a decent read in terminal.

 

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
mschlosser
Contributor

Posted on ‎10-03-2023 06:27 AM

This sort of thing can be achieved by manipulating the SQL database stored at:

/var/db/auth.db

However the is not the recommended way to do this. The proper and supported way is to use the security authorization command and switches.

Hope that helps.

M

 

Go to solution
dungeonadept
New Contributor III
In response to mschlosser

Posted on ‎10-03-2023 06:30 AM

@mschlosser wrote:

The proper and supported way is to use the security authorization command and switches.

Can you expand on this? Or do you just mean using admin credentials when clicking the padlock on the settings pages?

0 Kudos

Go to solution
mschlosser
Contributor
In response to dungeonadept

Posted on ‎10-03-2023 06:38 AM

more info is available here:

https://scriptingosx.com/2018/05/demystifying-root-on-macos-part-4-the-authorization-database/#:~:te...

 

Also man security is a decent read in terminal.

 

0 Kudos

Go to solution
dungeonadept
New Contributor III
In response to mschlosser

Posted on ‎10-12-2023 08:52 AM

I've got a script going, but at least in Sonoma and Ventura, none of it seems to be taking effect. Anything I'm missing here, or are things just broken in the newer OSes?

#!/bin/sh

#system preferences
security authorizationdb write system.preferences.network authenticate-session-owner-or-admin
security authorizationdb write system.preferences.accessibility authenticate-session-owner-or-admin
security authorizationdb write system.preferences.energysaver allow
security authorizationdb write system.preferences.printing allow
security authorizationdb write system.preferences.datetime authenticate-session-owner-or-admin

#Printing
security authorizationdb write system.printingmanager allow
security authorizationdb write system.print.admin allow
security authorizationdb write system.print.operator allow

#potential force restart and shutdown if other users logged in
security authorizationdb write system.restart allow
security authorizationdb write system.shutdown allow

exit 0
0 Kudos

Go to solution
YanW
Contributor III
In response to dungeonadept

Posted on ‎10-03-2023 07:07 AM

I'm using something like this 

/usr/bin/security authorizationdb write system.preferences.network allow