MakeMeAnAdmin does not work anymore on macOS 12.3?

LeoBoston
New Contributor III

Hi all,

So we are using the MakeMeAnAdmin script for almost 3 years without a hitch.

Now we are having the first macoS 12.3.1 devices and the MakeMeAnAdmin script does not work anymore. On older macOS versions everything works fine.

Anyone else experiencing this issue?

1 ACCEPTED SOLUTION

stevewood
Honored Contributor II
Honored Contributor II

There is a shell script version of the Make Me Admin script available here:

https://github.com/jamf/MakeMeAnAdmin

It behaves very similar to the python version.

View solution in original post

7 REPLIES 7

geoff_widdowson
Contributor II

I've just tested on 12.3.1 and an M1 Mac. Not working for me either. I get the notification to say I have been granted admin rights, but shows as standard user even after a reboot.

I think this is due to the use of a Python script. Python 2has been removed from 12.3

mickl089
Contributor III

if a script ran up to 12.3 and no longer runs under 12.3.1, it really smells a lot like the well-known python problem ;-)

Apple say they removed Python from 12.3, from what I have read. 

yes that's right, until now python 2.7 was installed - but if you install python 3 now, you don't make sure that the scripts will run again, they still have to be adjusted.

stevewood
Honored Contributor II
Honored Contributor II

There is a shell script version of the Make Me Admin script available here:

https://github.com/jamf/MakeMeAnAdmin

It behaves very similar to the python version.

rasy
New Contributor II

i'm facing the same problem like @ stevewood.

@stevewood i have a Question: the daemon doesn't survive a reboot right? but after reboot it triggers the daemon an do following: 

if [[ -f /private/var/userToRemove/user ]]; then
userToRemove=$(cat /private/var/userToRemove/user)
echo "Removing $userToRemove's admin privileges"
/usr/sbin/dseditgroup -o edit -d $userToRemove -t user admin
rm -f /private/var/userToRemove/user
launchctl unload /Library/LaunchDaemons/removeAdmin.plist
rm /Library/LaunchDaemons/removeAdmin.plist
log collect --last 30m --output /private/var/userToRemove/$userToRemove.logarchive
fi
EOF

my Problem command rm /Library/LaunchDaemons/removeAdmin.plist doesn't get executed after reboot, do you know why? it hangs and every command after it doesn't be executed.

 

stevewood
Honored Contributor II
Honored Contributor II

If the LaunchDaemon has not run prior to a reboot it should still survive a reboot. The LaunchDaemon would reload on restart and the timer would be restarted. Meaning if a user were to elevate and restart the computer, the timer for demoting them would restart as well. If you had a timer of say 5 minutes and the user restarted at the 4 minute mark, then the user could theoretically get another 5 minutes of admin rights.