macOS update & upgrade with Standard User permissions

sunilmore
New Contributor

I would like to know a single platform for upgrading and updating macOS with standard user permissions. Does anyone use a single platform for M1/M2 & Intel Mac in their environment? 

5 REPLIES 5

AJPinto
Honored Contributor II

OS Updates can be installed by a user with a secure token, they don't need admin access. OS Upgrades require Admin Access. A MDM with a Secure Token can install both OS Updates and Upgrades. Nothing else can install OS updates for a user by Apples design.

sdagley
Esteemed Contributor II

Note that some versions of macOS Ventura show a prompt stating it needs administrator credentials when it's actually requesting the credentials for the secure token holder

Vinyboy
New Contributor III

In This case you can use "Privileges" app in User's account. This would help us to enter there login credentials for certain period of time.
macOS-enterprise-privileges
https://github.com/SAP/macOS-enterprise-privileges


gabester
Contributor III

It's on my wishlist that, much like adding users to the _developer group of yore, Apple provide some group(s) - maybe _osgraders/_osupdaters to which we could add user accounts and they would then have all necessarily permissions to upgrade/update macOS but not install other software or run admin / sudo root commands. It's not like Apple doesn't know what all needs that, you'd think they could whip up an entitlement list pretty quickly. 

Justincase
New Contributor

We have some standard users in out company and we just deploy the erase-install script in self service