Posted on 11-15-2019 06:41 AM
I know you can use Jamf Pro to create a new local user account with or without admin access, but can you use Jamf Pro to modify an already existing local account's permissions?
Posted on 11-15-2019 07:22 AM
What do you mean by permissions? Do you mean demoting it to a standard user instead of admin? Or are you talking about just limiting it's admin privileges?
Posted on 11-15-2019 07:51 AM
Demoting an admin to standard or promoting a standard to admin. Need to do both on occasion.
Posted on 11-15-2019 08:02 AM
OK, then yes, totally possible to do with a script. There are a couple of methods to do it, but I believe the current supported way (still) is to use dseditgroup
Something like this:
/usr/sbin/dseditgroup -o edit -a username admin
In the above, you are telling dseditgroup
to do the operation (-o
) edit
to add (-a
) the user username
to the group admin
This makes the user named "username" an admin
To do the reverse - remove them from the admin group, you use operation delete (-d
) like so:
/usr/sbin/dseditgroup -o edit -d username admin
This simply deletes "username" from the admin group.
Hope that helps.