Help

Managing Netwrok Preference Pane Access?

musat
Contributor III

Posted on ‎11-16-2015 10:39 AM

Hello,
I have found the commands to allow access to the Network System Preference pane using security authorizationdb. However, I was hoping for a more granular approach. Specifically for our students. We would like for them to have access to the Advanced / Wi-Fi / Preferred Networks area, to be able to delete and re-order their saved networks. However, we don't want them to have access to the DNS and Proxies tabs, as that is where our filtering is defined.

So, is it possible to have as more granular unlocking? Or are we stuck with all or nothing? Currently we are using the

    security authorizationdb write system.preferences.network allow
    security authorizationdb write system.services.systemconfiguration.network allow

commands. But as I stated, this unlocks everything behind the networking panel.

Thanks, Tim Musa

0 Kudos
4 REPLIES 4

mm2270
Legendary Contributor III

Posted on ‎11-16-2015 10:49 AM

Pretty sure its all or nothing. Send feedback to Apple on it if you feel settings like these should be more granular. Its been a big complaint of mine for years now, more with other Preference Panes than Network, but the thought is the same.
I was hopeful with the advent of Config Profiles that we'd get a little more granularity, but apparently Apple doesn't want to do it, or there are technical difficulties in achieving it.

0 Kudos

calumhunter
Valued Contributor

Posted on ‎11-16-2015 08:53 PM

works in 10.9 and 10.10 i haven't test in 10.11 yet

#!/bin/sh

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allow

exit 0

Ref: https://jamfnation.jamfsoftware.com/discussion.html?id=14919

0 Kudos

musat
Contributor III

Posted on ‎11-17-2015 05:32 AM

Yes, we are using those, but that completely opens the Networking preference panel, giving student access to change the DNS and Proxy settings, which are how our filtering is configured. I was asking if there was a more granular approach to this, instead of this "all of nothing" approach, and it looks like there is not.

Our biggest issue is giving Students the ability to remove SSIDs from the Preferred Network list. It would be nice to allow them to reorder the list, but not critical. I guess it is now time to work on scripting something to allow them to do that.

So, does anybody have a Self Service script to remove selected SSIDs from the Preferred Network list? I have created one that removes a hard-coded specific SSID, but this would need to be configurable to allow them to remove any SSID.

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎11-17-2015 07:40 AM

@musat Should be possible to script something that would pull a list of all saved preferred SSIDs and then allow them to choose from the list with either an Applescript dialog or using cocoaDialog.

If you give me about an hour, I can put an example script together for you to look at.

0 Kudos