Allowing users to manage Macs off of network - mobility profile?

fbaker
New Contributor III

Hello everybody! I'm having an issue once a user takes their MacBook Air home and it's no longer connected to the school Wi-Fi.

We have a group in Active Directory that we put in all of our teachers that have a MacBook. During my enrollment into the JSS, during directory bindings it allows that group to be an administrator of the Mac.

Users are reporting once they go home and they try to make any changes to the Mac (installing or removing of programs, etc.) it prompts them for the local administrator password, which we will not give them.

I've tried setting up a mobility profile to see if that fixes it, but I'm not entirely sure on all the correct settings I need to be using to mimic as if they were still connecting on campus as they are at home.

Could anybody that has messed with this shed some light on how I need to proceed? Thanks!


ACousino
New Contributor II

We had this issue when we gave our teachers Macs a few years ago. Currently what we do is have a policy scoped to the teachers that runs and makes their account admins. Essentially they log in for the first time using their normal AD credentials and run this policy through Self Service.

fbaker
New Contributor III

@ACousino Would you mind telling me how you set that policy up?

Under the accounts things I only see password modifications and such. I'd be willing to give this a try if you could help me out with that.

ACousino
New Contributor II

It's a policy we have set to run a script that makes the current logged on user an administrator. We assign it to teacher machines and they run as part of their setup at the beginning of the year.

dwandro92
Contributor III

View the script that I posted in another thread to see how to do this during imaging. You would simply need to remove the second part of the script, which removes unapproved admins.
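
As an added illustration, not part of the thread and not the script either poster refers to: a policy script of the kind described above, which adds the logged-in user to the local admin group so the admin right no longer depends on reaching Active Directory. It assumes Jamf passes the username as parameter 3; the function names, the UID floor of 501 and the skip list are choices made for this example.

```shell
#!/bin/bash
# Added example, not from the thread. Run as root by a Jamf policy.
# Assumption: Jamf passes the logged-in username as parameter 3.

# Return 0 only for an ordinary user account (constructed rules).
is_eligible() {
    local user="$1" uid="$2"
    case "$user" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;  # nobody real at the console
        *[!A-Za-z0-9._-]*) return 1 ;;                  # unexpected characters
    esac
    case "$uid" in
        ""|*[!0-9]*) return 1 ;;                        # not a numeric UID
    esac
    [ "$uid" -ge 501 ]                                  # below 501: system accounts
}

# Add the user to the local admin group unless already a member.
promote() {
    local user="$1" uid
    uid=$(id -u "$user" 2>/dev/null) || { echo "unknown user: $user" >&2; return 2; }
    is_eligible "$user" "$uid" || { echo "refusing to promote: $user" >&2; return 3; }
    if dseditgroup -o checkmember -m "$user" admin >/dev/null 2>&1; then
        echo "$user is already a local admin"
        return 0
    fi
    dseditgroup -o edit -a "$user" -t user admin || return 4
    # Leave an audit trail of who was promoted on this machine.
    logger -t make-admin "added $user to local admin group"
}

# Jamf always supplies at least three parameters; without them the file
# only defines the functions above.
if [ "$#" -ge 3 ]; then
    target="${3:-$(stat -f%Su /dev/console)}"   # fall back to the console owner
    promote "$target"
    exit $?
fi
```

Scoping the policy to teacher machines, as described in the replies, is what keeps this from promoting every account that logs in.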