Local admin access on macOS


Guys, need help in managing the admin access through script. I'm planing to have a script to put it on policy. In case user needs an admin access can run the policy from self service as and when required.however, that admin access can last longer for 5 - 10 mins. Kindly someone help me with the script with the timing. Thanks for understanding


Esteemed Contributor II

@sk25 You might find the open source Privileges tool from SAP useful for enabling admin access: https://github.com/SAP/macOS-enterprise-privileges

There is an accompanying Wiki which describe the management options, including setting a maximum time for toggling privileges.

PrivilegesDemoter (https://mostlymac.blog/2021/12/27/remind-users-to-run-as-standard-with-sap-privileges-app/) can be used in conjunction with Privileges, or a Self Service policy that enables admin access if you really want to go that route, to encourage users to only remain admins as needed.

Contributor III

SAP Privileges is great.  If you don't need as many options, you can use JAMF's MakeMeAnAdmin https://github.com/jamf/MakeMeAnAdmin