Jamf Nation Community

Looking to give the user permanent admin privileges.  I know I can just go in and check off the box to "Allow user to administer this computer" but would rather not have to do that manually.

The script/command you'd use for this doesn't go in and "check" the box per se, but does grant admin rights. It would be something along these lines.

/usr/sbin/dseditgroup -o edit -a username -t user admin

Where "username" is the short name of the user account. This adds that account of type user into the local admin group, which in turn grants them local admin rights. Keep in mind the command must be run with sudo or as root (default with a script run from Jamf Pro)

I created a policy, made a script, and I can't get it to execute properly...keep getting the following error (which I know relates to the Username but I am %100 positive the script matches the targeted Standar User): 

Are you familiar with the exit code at all? 

My issue is that we have a remote employee that needs admin rights and we won't have local access to it....I'm fully aware of the other methods everyone mentioned with 1-time elevated privileges but I don't have clearance to push another app yet. 

In case anyone wants to do this via policy and script, be sure to set the target directory as /usr/local (which is why it was failing initially) in the policy for execution. I added some output to the script incase it fails: 

#!/bin/bash

echo "Working Directory: $(pwd)"
echo "Executing User: $(whoami)"
echo "Path: $PATH"

USERNAME="username"
echo "Adding $USERNAME to admin group..."
sudo dseditgroup -o edit -a $USERNAME -t user admin

if [ $? -ne 0 ]; then
echo "Failed to add $USERNAME to admin group"
exit 1
else
echo "$USERNAME added to admin group successfully"
exit 0
fi