Help

Local admin access on macOS

sk25
Contributor

Posted on ‎12-11-2022 07:47 AM

Guys, need help in managing the admin access through script. I'm planing to have a script to put it on policy. In case user needs an admin access can run the policy from self service as and when required.however, that admin access can last longer for 5 - 10 mins. Kindly someone help me with the script with the timing. Thanks for understanding

0 Kudos
Reply
2 REPLIES 2

sdagley
Esteemed Contributor II

Posted on ‎12-11-2022 12:35 PM

@sk25 You might find the open source Privileges tool from SAP useful for enabling admin access: https://github.com/SAP/macOS-enterprise-privileges

There is an accompanying Wiki which describe the management options, including setting a maximum time for toggling privileges.

PrivilegesDemoter (https://mostlymac.blog/2021/12/27/remind-users-to-run-as-standard-with-sap-privileges-app/) can be used in conjunction with Privileges, or a Self Service policy that enables admin access if you really want to go that route, to encourage users to only remain admins as needed.

0 Kudos
Reply

daniel_behan
Contributor III

Posted on ‎12-12-2022 06:38 AM

SAP Privileges is great.  If you don't need as many options, you can use JAMF's MakeMeAnAdmin https://github.com/jamf/MakeMeAnAdmin

0 Kudos
Reply