We would like our students to be able to configure / set up "Find My Mac" but they do not have administrative privileges. Has anyone worked through this issue?
The students are using 11" MBAs running 10.8.4. They are required to have an Apple ID (High School Kids)
Any suggestions appreciated.
Thanks in advance for any help you can give.
Eden Prairie Schools, Eden Prairie MN
You'll need to edit the /etc/authorization file to include a group that you want to have permission to unlock the Find My Mac features.
See this article for more info on editing the /etc/authorization file:
Here's an Apple Technical Note on the authorization file. While it's about writing your program to use an authorization database, it provides valuable information on how the authorization file is organized: https://developer.apple.com/library/mac/technotes/tn2095/_index.html#//apple_ref/doc/uid/DTS10003110-CH1-SECTION5
We have used that method to successfully unlock some other preference panes for non-admins previously, but I don't see anything in the file or the links you suggested that references iCloud or Find My Mac. Can you elaborate?
Eden Prairie Schools
I haven't tried it with "iCloud" in specific, but we use authorizationdb to allow access to Printers, Energy Saver, TM and a few other panels with great success. I don't have a 10.8 machine in front of me, but in 10.9 I'm not sure that an administrative password is required. At least it's not on the one in front of me, but that's a development unit and who knows what I've done to it ;-)
Pditty and I have had success with unlocking certain pieces of Sys Prefs for non-admins in 10.9, but still not Find My Mac. We can't find anything in the DB file that is tied to changing the state of FMM. The limitations of items in the DB that you have to work with and the lack of info about what some of them even are is frustrating. This is the best info we have been able to find about it:
As you can see, pretty incomplete.
Here is the script I wrote to unlock a couple other things. It is pretty straightforward assuming you can find a property that you need to change in the DB:
#!/bin/bash
# Unlock System Preferences for non admins:
sudo security authorizationdb write system.preferences allow
# Unlock Energy Saver preference pane:
sudo security authorizationdb write system.preferences.energysaver allow
# Unlock Time Machine preference pane:
sudo security authorizationdb write system.preferences.timemachine allow
exit 0
Eden Prairie Schools
In the link you provided up above (and also referenced by @rtrouton on his blog) I see an authdb right called "com.apple.AOSNotification.FindMyMac.modify". Is that the one you're looking for? Or does that only refer to Notification Center settings? Kind of hard to tell even after exporting the current settings to a plist file.
Find My Mac - Standard User - Does NOT prompt Standard Users for Admin credentials after running this command in Terminal or using a Script / Policy scoped correctly.
security authorizationdb write com.apple.AOSNotification.FindMyMac.modify allow
After running that command, a Standard User will not be prompted for an Admin username and password when they try to check Find My Mac in the iCloud preference pane.
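An added example, not part of the thread and not any poster's own script: it saves the current definition of each right named in the posts before setting it to allow, so the original rule can be put back later. BACKUP_DIR and the function names are assumptions of this example; it relies on `security authorizationdb read` printing the right as a plist and on `write` accepting a plist on stdin when no rule name is given.

```shell
#!/bin/bash
# Added example (not from the thread). Run as root.
# BACKUP_DIR and the function names below are assumptions of this example.
BACKUP_DIR="${BACKUP_DIR:-/var/root/authdb-backup}"

# Rights named in the thread.
RIGHTS="system.preferences
system.preferences.energysaver
system.preferences.timemachine
com.apple.AOSNotification.FindMyMac.modify"

# Save the current definition of one right as a plist.
# Fails if the right cannot be read (for example, it is not in the database).
backup_right() {
    mkdir -p "$BACKUP_DIR" || return 1
    security authorizationdb read "$1" > "$BACKUP_DIR/$1.plist" \
        && [ -s "$BACKUP_DIR/$1.plist" ]
}

# Set one right to "allow". An existing backup is never overwritten, so a
# second run cannot replace the saved original with the "allow" rule, and a
# right that could not be backed up is left unchanged.
unlock_right() {
    if [ ! -s "$BACKUP_DIR/$1.plist" ]; then
        backup_right "$1" || { echo "no backup for $1, leaving it unchanged" >&2; return 1; }
    fi
    security authorizationdb write "$1" allow
}

# Put the saved definition back (the plist is read from stdin).
restore_right() {
    [ -s "$BACKUP_DIR/$1.plist" ] || return 1
    security authorizationdb write "$1" < "$BACKUP_DIR/$1.plist"
}

# Usage: <script> unlock | restore
case "${1:-}" in
    unlock)  for r in $RIGHTS; do unlock_right "$r"  || exit 1; done ;;
    restore) for r in $RIGHTS; do restore_right "$r" || exit 1; done ;;
esac
```

A right set to allow is granted to every user on the machine; keeping the saved plist is what lets the change be reversed per right.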