Jamf Nation Community

pbachuwa · ‎11-20-2009

Hello

I was trying to figure out how I can grant permissions to make a person
a local admin with a policy , I was provided this from JAMF Support
'sudo dscl . -append /Groups/admin GroupMembership username' but they
said for me to reach out and see if anyone has done this another way.

Patrick Bachuwa

Client Technical Services

Sears Holdings Corporation

Michigan Campus

3000 W. 14 Mile Road

P.O. Box 8073

Royal Oak, MI. 48068-8073

Phone: 248 637-0350

Report Inappropriate Content · ‎11-20-2009

Here's the script I use as a login policy to set each user to be part of the lpadmin group.

#!/bin/sh
dscl . append /Groups/lpadmin GroupMembership $3

I assume it would be just as easy to say /Groups/admin and scope the policy to the computer/users you want, or specify the username as $3.

-Robert

tlarkin · ‎11-20-2009

Furthermore if you don't want to use it as a log in hook, as maybe there
are several local accounts or you just want to promote a particular one,
or if you want to promote every single one you can do it several ways

#!/bin/bash

# get current user

cur_user=/bin/ls -l /dev/console | /usr/bin/awk '/ / { print $3}'

# now promote current user to admin

/usr/bin/dscl . append /Groups/admin GroupMembership $cur_user

exit 0

Now to promote every single local user account to admin

#!/bin/bash

#loop through /Users but exclude Shared

for i in `/bin/ls /Users | /usr/bin/grep -v "^Shared" ; do

/usr/bin/dscl . append /Groups/admin GroupMembership $i

exit 0

For the log in hook you can use Robert's example, but the $3 only gets
parsed as the current user if Casper runs it as a log in hook.

-Tom

pbachuwa · ‎11-20-2009

Thanks everyone, I will give these a try.

Have a great weekend J