Closed Macbooks without root / admin rights

New Contributor II

We have a number of Macbooks in the environment where developers can promote themselves to root to install applications.
Now we also have a number of Macbooks with a different profile that we want to keep closed.
You temporarily need root/admin rights to install various applications outside of Self Service.
How can we best realize this to keep these Macbooks closed?
Please your advice.


New Contributor

Did you have a fix on this issue? Challenging a relative issue yet no response from anyone and couldn't see this point taking a gander at in google.

Legendary Contributor III

You need to look at using a temporary admin process. There are several workflows around, including this one, which is popular in the Jamf community -


Valued Contributor II

I have deployed this script in Self Service and it has worked really well.

New Contributor

For getting in the setup process, you have to remove the file “. AppleSetUpDone” via Terminal or macOS Recovery mode. Then, you can recover the admin rights of your original admin account via the new administrator account. After that, you can reboot into your recovered one and delete the interim admin account.

H and R Block Online

New Contributor III