Hello, I am new to the Casper/Jamf world and looking for some help. I am trying to get the 30minAdminJss process working, the Make admin works fine, I am not sure how to get the Remove portion to work. Can someone help me with this?
+19
+18Hi,
Are you using this script: https://github.com/darklordbrock/Temporary-Admin-30min/blob/master/30minAdminJss.sh
If you are you would just need to add the script to the JSS and create a self service policy for it.
The second part of the script is to add a LaunchDaemon to trigger the removal of the user from the admin group.
What are the symptoms you are seeing?
+3Hi, davidacland, yes that is the script, I have set up the 30minAdminJss.sh with a policy and it works great, the problem is with the Remove script, I am not sure how to make this work.
Thank you
+18Ah ok. It looks like you need to create a policy with a manual trigger called "adminremove".
In the example script there is a receipt left behind: /var/uits/userToRemove.
You just need to create a second script with the following:
#!/bin/sh
U=$(cat /var/uits/userToRemove)
# Gets the name of the user to remove
dseditgroup -o edit -d $U -t user admin
# Takes them out of the admin group
launchctl unload -w /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
# Unloads the LaunchDaemon
rm /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
# Deletes the LaunchDaemon
rm /var/uits/userToRemove
# Deletes the receipt file
exit 0Add the script to the remove policy that has the manual trigger and that should do the trick.
+3davidacland, thank you for the advice, when you say "add a policy with a manual trigger" are you referring to the "Custom" trigger?
+18Yes that's the one.
+3Great, thanks, I noticed the script you posted is quite a bit diff. than the one i grabbed, i will give it a try, thanks again.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.