Jamf Nation Community

jimw · ‎03-07-2017

Hi all,

I'm back again with another question on how to implement some settings from the CIS Benchmark.

We are stuck on requiring an administrator password to access system-wide preferences. I've been doing some research on the issue and I've been hitting a dead end.

I found the extremely helpful blog of rtrouton (https://derflounder.wordpress.com/2014/02/16/managing-the-authorization-database-in-os-x-mavericks/), but this doesn't seem to be working in Sierra. Does anyone know a good way to script this change?

Thanks!

ndeal · ‎03-07-2017

Not sure if this is at all helpful, but I just tested the method in the link you documented on my Sierra Mac (via JAMF 9.97) and it seems to be working... the box gets checked in System Preferences when I run it. What is it you're seeing when trying via this method?

#!/bin/bash security authorizationdb read system.preferences > /tmp/system.preferences.plist /usr/libexec/PlistBuddy -c "Set :shared false" /tmp/system.preferences.plist security authorizationdb write system.preferences < /tmp/system.preferences.plist

View solution in original post

ndeal · ‎03-07-2017

Not sure if this is at all helpful, but I just tested the method in the link you documented on my Sierra Mac (via JAMF 9.97) and it seems to be working... the box gets checked in System Preferences when I run it. What is it you're seeing when trying via this method?

#!/bin/bash security authorizationdb read system.preferences > /tmp/system.preferences.plist /usr/libexec/PlistBuddy -c "Set :shared false" /tmp/system.preferences.plist security authorizationdb write system.preferences < /tmp/system.preferences.plist

jimw · ‎03-07-2017

@ndeal Actually, that does seem to work. I'm not sure why I was having mixed results before. Thanks for the help!

ndeal · ‎03-07-2017

No problem, glad it worked. If you copied and pasted from the site you linked originally, maybe it copied smart quotes or something and that was causing some issues? I've had that happen before.

JohnMcNairLL · ‎04-12-2022

Anyone else having issues with this solution on Monterey systems? I have been testing this on a few Monterey systems and the <key>shared</key> does not get set to <false/>.

I copied the command from above and have been testing locally first. Waiting to get the proper results before uploading to Jamf.

tkimpton · ‎08-01-2022

Were you able to resolve this? Im getting the same problem and cannot enable this anymore.

JohnMcNairLL · ‎08-01-2022

I think the PlistBuddy version is working, doing the testing this week. I will update this thread when I have completed the testing.

tkimpton · ‎08-01-2022

i havent got this working on Monterey or Ventura

DanVT · ‎03-03-2023

Where you able to ever get this working on Monterey?

mm2270 · ‎05-02-2023

Just wanted to chime in that I've also had numerous issues getting this or other similar scripts to work on Monterey since I think around 12.6, but I can't be sure when it started. It just doesn't seem to get applied to the system.preferences plist anymore.

Has anyone been able to get this working for who it stopped working for? If so, I would love to know what you did to get it working again.

Jamf Nation Community

Require an administrator password to access system-wide preferences