Drive mounting

Caist
New Contributor

Is there a way to allow a program to mount network drives without it prompting for admin credentials?

Running 10.12.6

Thanks!

7 REPLIES 7

easyedc
Valued Contributor II

Can you elaborate on this? doing it via script? Doing it via GUI? Doing it with Casper? What are you mounting (like a network share which requires ad credentials?) Did you check out the Mount man page?

Caist
New Contributor

We have a program called EditShare that looks like it runs an "oascript" to mount certain network shares, based on user credentials. The program loads fine, but when you select the drive to mount, it prompts for admin credentials (which we can't give all of our students on campus).

easyedc
Valued Contributor II

Honestly, if I were doing it, I'd write something in Apple Script. It can do most of the heaving lifting, and you can bake passwords in but export it as a run-only application and the user/pass should get garbled if they tried to read the files. I've got a few things that leverage our JAMF service account that way that can do things running as admin without sharing the actual credentials. It could be something as simple as

tell application Finder to mount smb://blah as user with password

or you can provide drop downs or lists of choices and get as fancy as you want.

Look
Valued Contributor III

It shouldn't need admin rights to mount a share, if you use Apple Script for example if should run the mount attempt as the current user and only ask for credentials to the share if required, not the local machine.
If you know the shares why not just have them mounted using a policy in Self Service instead? Is there a particular reason to use a 3rd party tool for the drive mounting? You can then using scoping and various other tools to restrict who and where this can occur.

ungi3
New Contributor

Editshare Connect is a third party app that is baked into their storage equipment.
Designed for media related workflows.

There is a particular way that the Editshare app needs to be packaged so that it doesn't prompt you for credentials when it mounts the drive.
A reboot is also required after the package is installed.
We're about to close up shop for the year so I'll try and give you a hand after the break (if you still need a solution)

anothermacguy
New Contributor II

@ungi3 We're just about to start investigating this same issue with Editshare Connect. Are you able to share some more info on your solution?

ungi3
New Contributor

@anothermacguy Sorry, completely forgot about this.
Ever since Editshare updated their app, we've had even more trouble with permissions.
It's a real pain in the ass.
They've changed something in the startup script and it's now randomly prompting for admin credentials for ALL accounts.
Previously, authenticating the one time would get rid of the prompts for everyone, but now it pops up randomly even after being authenticated already.

The current workaround is to allow password-less root access to the EditShare app for all Active Directory accounts.
Not ideal, but not really much choice until they do something about it.

This is the line I've added to the sudoers.d file:
"%ADSROOTDomain Users ALL=(root) NOPASSWD:/Applications/EditShare Connect.app/Contents/MacOS/Editshare Connect *"

Then I wrapped the the command to sudo open the above file into an app, and hid the original EditShare Connect.app so no one gets confused trying to figure out which app to use.

It's messy, but it works for now.
We'll need to change the workflow eventually but it's on the back burner for now.

Also, from v7.2.2.1 the EditShare Client now comes as a pkg so that's one less step you have to take.