Help

Auto admin privileges to users

Go to solution
SanduQi
New Contributor

Posted on ‎04-08-2022 05:36 AM

Hello guys, we need to push admin privileges automatically for all users on macbook. 

Perfect would be if any new user who will log in to macbook using active directory credentials will have admin privileges from start. I know about "make me admin" and "privileges" apps, but it does not automatically add it. Thanks

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎04-08-2022 08:11 AM

 

dseditgroup -o edit -a <username> -t user admin

 

Something like the above will add a user (specified by <username>) into the local machine admin group.

In terms of granting admin based on AD group membership, that's possible. You have to edit the "Allow administration by" value under the Administration tab in Directory Utility > Services > Active Directory. I would advise making this a permanent change in your AD bind configuration that you push to the Macs if you want it to apply to all.

This can also be scripted from what I can see from the dsconfigad manpage, though I've never done it myself in a script or shell command. Looks like it would be something like

 

dsconfigad -groups "group1,group2"

 

Making sure to put a comma between each group to be added and surrounding them all in double quotes.

View solution in original post

2 REPLIES 2

Go to solution
mm2270
Legendary Contributor III

Posted on ‎04-08-2022 08:11 AM

 

dseditgroup -o edit -a <username> -t user admin

 

Something like the above will add a user (specified by <username>) into the local machine admin group.

In terms of granting admin based on AD group membership, that's possible. You have to edit the "Allow administration by" value under the Administration tab in Directory Utility > Services > Active Directory. I would advise making this a permanent change in your AD bind configuration that you push to the Macs if you want it to apply to all.

This can also be scripted from what I can see from the dsconfigad manpage, though I've never done it myself in a script or shell command. Looks like it would be something like

 

dsconfigad -groups "group1,group2"

 

Making sure to put a comma between each group to be added and surrounding them all in double quotes.

Go to solution
SanduQi
New Contributor

Posted on ‎04-11-2022 12:29 AM

Thank you. will try. 

0 Kudos