Skip to main content
Question

Enabling SIP via policy


Forum|alt.badge.img+21

I have been using an extensions attribute to identify when a Mac has SIP disabled. And a smart group based on SIP being disabled. I have a Self Service policy (or an automatic one) that is scoped to that smart group and simply runs the command

 

csrutil clear

 

 and then immediately restarts the computer to re-enable SIP. It worked just fine up until I discovered that it doesn't work on Monterey and/or M1 Macs.  I discovered that when I run that command manually in Terminal, now it prompts for an authorized user - which I have to type in, then it prompts for the password - which also has to be typed in.  Is there a way of enabling SIP now without having to enter a user ID & PW? We are forbidden from using passwords in scripts at all. Even if we were allowed to include scripts in passwords, we're rotating admin passwords on all the Macs on a regular basis so that's out.

Why is Apple making it harder and harder to manage things?

0 replies

Be the first to reply!

Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings