http://www.jamfsoftware.com/resources/casper-suite-administrators-guide-version-9-63/

http://www.jamfsoftware.com/training/certified-casper-technician-cct/

Hi,

Are you using this script: https://github.com/darklordbrock/Temporary-Admin-30min/blob/master/30minAdminJss.sh

If you are you would just need to add the script to the JSS and create a self service policy for it.

The second part of the script is to add a LaunchDaemon to trigger the removal of the user from the admin group.

What are the symptoms you are seeing?

Hi, davidacland, yes that is the script, I have set up the 30minAdminJss.sh with a policy and it works great, the problem is with the Remove script, I am not sure how to make this work.

Thank you

Ah ok. It looks like you need to create a policy with a manual trigger called "adminremove".

In the example script there is a receipt left behind: /var/uits/userToRemove.

You just need to create a second script with the following:

#!/bin/sh

U=$(cat /var/uits/userToRemove)
  # Gets the name of the user to remove

dseditgroup -o edit -d $U -t user admin
  # Takes them out of the admin group

launchctl unload -w /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
  # Unloads the LaunchDaemon

rm /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
  # Deletes the LaunchDaemon

rm /var/uits/userToRemove
  # Deletes the receipt file

exit 0

Add the script to the remove policy that has the manual trigger and that should do the trick.

davidacland, thank you for the advice, when you say "add a policy with a manual trigger" are you referring to the "Custom" trigger?

Yes that's the one.

Great, thanks, I noticed the script you posted is quite a bit diff. than the one i grabbed, i will give it a try, thanks again.