Problems elevating via Sudo in terminal on Ventura for admin group users

L-plateAdmin
Contributor

Sorry if this has been hinted at before, it's a weird one... We have been using a corporatised script taken from the bones of the "Make me an Admin" script, and have been using it in one way or another for 6 years.

For those who don't know it, it adds a standard or mobile user into the 'admin' (id:80) default group for a certain period of time before a LaunchDaemon cuts it off:

/usr/sbin/dseditgroup -o edit -a $user -t user admin

So Monterey and below that has always allowed a user to enter a password to install a package or unlock a padlock, as well as sudo and su themselves on a terminal to use admin commands there... except I can't get this to work on 13.5.2. I can install a pkg graphically, but I can't use sudo or sudo -s to get a root terminal to run it on the command line via /sbin/installer.

installer works when I have used the Jamf management account to sudo -s with its complex password... so I don't know why users dropped into the admin group cannot do that? If not, I will raise a case with Apple as well to see if there are new restrictions they have kept quiet.

AJPinto
Honored Contributor II

Have you broken down the elements of the script and seen if it works if you manually add someone to the admin group with CLI?

Can you share your script? 13.5.2 was a security update, so there is at least a chance it could have patched this function's ability to work. We use a tool called CyberArk EPM to handle permissions escalation to get that off the MDM, as Apple does not really want MDMs doing this.
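
One way to test the pieces individually, as the reply suggests. This is an added example, not code from either poster or from the "Make me an Admin" script: it compares what `id`, `dseditgroup` and the sudoers policy each report for one account. The function names are hypothetical, and it assumes it runs as root with sudoers at /etc/sudoers and /etc/sudoers.d.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical.
# Usage (as root): sh check_admin_sudo.sh SHORTNAME

# $1 = output of `id -G USER`; succeeds if GID 80 (admin) is in the list.
gids_include_admin() {
    for gid in $1; do
        if [ "$gid" = "80" ]; then return 0; fi
    done
    return 1
}

# $1 = output of `dseditgroup -o checkmember -m USER admin`,
# which starts with "yes" for a member and "no" otherwise.
checkmember_says_yes() {
    case "$1" in
        yes*) return 0 ;;
        *)    return 1 ;;
    esac
}

# $@ = sudoers files; succeeds if any has an uncommented %admin rule.
sudoers_has_admin_rule() {
    grep -Eqs '^[[:space:]]*%admin[[:space:]]' "$@"
}

diagnose() {
    user=$1
    if gids_include_admin "$(id -G "$user")"; then
        echo "id: $user has GID 80 (admin)"
    else
        echo "id: $user does NOT have GID 80"
    fi
    if checkmember_says_yes "$(/usr/sbin/dseditgroup -o checkmember -m "$user" admin)"; then
        echo "dseditgroup: $user is a member of admin"
    else
        echo "dseditgroup: $user is NOT a member of admin"
    fi
    if sudoers_has_admin_rule /etc/sudoers /etc/sudoers.d/*; then
        echo "sudoers: an active %admin rule exists"
    else
        echo "sudoers: no active %admin rule found"
    fi
    # What sudo itself evaluates for this user (needs root).
    sudo -l -U "$user"
}

if [ $# -gt 0 ]; then diagnose "$1"; fi
```

If the three membership and policy checks agree but `sudo -l -U` still reports the user as not allowed, the disagreement is inside sudo's own evaluation rather than in the group edit.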