We’ve recently removed admin rights on Macs for all of our users. Does anyone know of a way to enable users to always be able to administer preferred/saved Wifi networks which are saved on their machines without having to grant them temporary admin rights?
Page 1 / 1
We use a script mentioned in this thread to allow users to set preferred networks in Self Service.
Does that help at all?
Maybe try:
#!/bin/bash
# Workaround as shown in https://www.jamf.com/jamf-nation/discussions/19050/add-wifi-networks-without-admin-privileges
# Allows non-admin users to add printers and manage their WiFi configuration.
#For WiFi
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
#For printing
/usr/bin/security authorizationdb write system.preferences.printing allow
/usr/bin/security authorizationdb write system.print.operator allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
exit 0;@dsavageED - That worked perfectly, thank you!
Maybe try:
#!/bin/bash
# Workaround as shown in https://www.jamf.com/jamf-nation/discussions/19050/add-wifi-networks-without-admin-privileges
# Allows non-admin users to add printers and manage their WiFi configuration.
#For WiFi
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
#For printing
/usr/bin/security authorizationdb write system.preferences.printing allow
/usr/bin/security authorizationdb write system.print.operator allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
exit 0;Is this still valid for macOS 12.3.1? I just tried it and while networking is now indeed unlocked it will ask me for admin logon when I hit OK. The changes wont stick without it.
Is this still valid for macOS 12.3.1? I just tried it and while networking is now indeed unlocked it will ask me for admin logon when I hit OK. The changes wont stick without it.
I'm seeing the same issue; the networking pane is unlocked, but when I choose a Wi-Fi networks and hit the minus "-", it asks me for admin login.
It does work, it just needs the
/usr/bin/security authorizationdb write com.apple.wifi allowline in it too.
May be a dumb question, but I assume this is just a "run once per machine" deployment, or do we need to stick it in self service to be run on demand
I run it "once per machine".
I'm seeing the same issue; the networking pane is unlocked, but when I choose a Wi-Fi networks and hit the minus "-", it asks me for admin login.
It does work, it just needs the
/usr/bin/security authorizationdb write com.apple.wifi allowline in it too.
Did that, policy ran ok with below results but making changes to WiFi STILL asks me for admin credentials.
| [STEP 1 of 4] |
| Executing Policy System Preferences - Print and WiFi without admin |
| [STEP 2 of 4] |
| Running script System Preferences - Print and WiFi without admin... |
| Script exit code: 0 |
| Script result: YES (0) YES (0) YES (0) YES (0) YES (0) |
| [STEP 3 of 4] |
| [STEP 4 of 4] |
Did that, policy ran ok with below results but making changes to WiFi STILL asks me for admin credentials.
| [STEP 1 of 4] |
| Executing Policy System Preferences - Print and WiFi without admin |
| [STEP 2 of 4] |
| Running script System Preferences - Print and WiFi without admin... |
| Script exit code: 0 |
| Script result: YES (0) YES (0) YES (0) YES (0) YES (0) |
| [STEP 3 of 4] |
| [STEP 4 of 4] |
Well, well, the test machine I have is Ventura 13.01, and indeed, it is now asking for admin credentials. Looks like we'll need another solution.
Well, well, the test machine I have is Ventura 13.01, and indeed, it is now asking for admin credentials. Looks like we'll need another solution.
This is how Apple keeps us entertained.
Well, well, the test machine I have is Ventura 13.01, and indeed, it is now asking for admin credentials. Looks like we'll need another solution.
Not sure if this is relevant but I added /usr/libexec/airportd prefs RequireAdminNetworkChange=NO RequireAdminIBSS=NO before testing
While testing on Ventura, I found that I'm prompted for the admin password, but I click Cancel and the removal still works. Curious if you get the same result.
does anyone know how to reverse the script so it's back to being admin locked?
does anyone know how to reverse the script so it's back to being admin locked?
I believe you will have to delete the preferences you made changes to in order to get it back the way it was.
Anyone has found or written a script to allow user changes for WiFi settings for Ventura?
Anyone has found or written a script to allow user changes for WiFi settings for Ventura?
I'm struggling to allow this on MacOS Ventura as well.
Anyone found a solution?
I'm struggling to allow this on MacOS Ventura as well.
Anyone found a solution?
i have rearranged the code to only allow the 'Activation W-Lan Management Settings'
Maybe try this:
#!/bin/bash
# Workaround as shown in https://www.jamf.com/jamf-nation/discussions/19050/add-wifi-networks-without-admin-privileges
# Allows non-admin users to manage their WiFi configuration.
#For WiFi
/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
exit 0;
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.