Are you calling airportd in addition to the authorizationdb mods? Its been a few major OS releases since I've had cause (complaints) to look into this, but here are the commands I've been using the let non-admins change network settings:

/usr/bin/security authorizationdb write system.preferences.network allow;
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow;
/usr/libexec/airportd $(/usr/sbin/networksetup -listnetworkserviceorder | /usr/bin/sed -n 's/)//g;s/.*.Wi-Fi,.Device:.//p') prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=No

RequireAdminIBSS=Yes will prevent non-admins from creating ad hoc networks.

/usr/bin/security authorizationdb write system.preferences.network allow;
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow;
/usr/libexec/airportd $(/usr/sbin/networksetup -listnetworkserviceorder | /usr/bin/sed -n 's/)//g;s/.*.Wi-Fi,.Device:.//p') prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=No

While I understand this is not exaclty what you are asking, and it assumes the network port, however perhaps this might work for what you need to accomplish:

/usr/bin/security authorizationdb write system.preferences.network allow;
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow;
/usr/libexec/airportd $(/usr/sbin/networksetup -listnetworkserviceorder | /usr/bin/sed -n 's/)//g;s/.*.Wi-Fi,.Device:.//p') prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=No

Thanks for this!

I've had lines one and two in my script, but the third line is new.

I just tried to run this through a policy, but I'm still getting an admin prompt when applying the changes. But, when I run this manually through terminal, everything works as intended.

Any ideas?

Check that something isn't getting munged by looking at the logs for the policy in the management UI or using jamf policy -verbose -id ## . Alternately, see if a simplified version does the trick:

# for machines without built-in ethernet
/usr/libexec/airportd en0 prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=No

# for machines with built-in ethernet
/usr/libexec/airportd en1 prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=No

 Also, to confirm, I take it you are just want users to be able to add and remove known Wi-Fi networks, not locations or interfaces?

# for machines without built-in ethernet
/usr/libexec/airportd en0 prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=No

# for machines with built-in ethernet
/usr/libexec/airportd en1 prefs RequireAdminIBSS=Yes RequireAdminNetworkChange=No RequireAdminPowerToggle=No

According to the Jamf, the script is running successfully.

I swapped out the last line for the simplified version, but I'm still getting the same result.

I'm looking to just allow my users the ability to remove known Wi-Fi networks only. If they accidentally click on our guest network, or connect to a network at another location and want to remove it later, they can then remove it.

The output is only giving me a YES (0) results for the authorizationdb lines. Should I be getting feedback about the third line that calls airportd?