Set user as local admin on MacOS through Jamf?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-18-2023 03:07 AM
My company sent me a MacBook to do some application testing on, but I initially couldn't login to it. I had to reset the device and let it re-enroll in our Jamf cloud before I could login to it.
I can login as a standard user now. These are not domain joined and there is no local admin account right now.
I am a Jamf administrator, but I've never used it. I went and created a new policy that targets only my computer that was supposed to create a new local account with administrator privileges, but it doesn't appear to have worked.
Any suggestions?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-19-2023 09:39 PM
I am not sure why that does not work unless you provide the outcome of the policy. However, you can make yourself admin
Create a script below in Jamf pro and scope this to yourself or put in self service. that would make the logged in user admin.
#!/bin/bash
loggedInUser=$(stat -f %Su /dev/console)
dseditgroup -o edit -a $loggedInUser -t user admin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-22-2023 06:24 AM
It is not possible to setup macOS without at least one local admin account. Check to see if you have an account being created with your prestage and use that account for your troubleshooting.
For the policy to make a new admin account. What are the logs saying? Is it making the account and not granting admin access, or not making the account at all?
You can also use JAMF to promote your account to an Admin by adding it to the Admin group, but @A_Collins already covered that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
Hi @AJPinto and @A_Collins
Sorry managing our IT system isn't part of my normal job and haven't had time to review / test /confirm the above. Couple of extract comments
- we dont use 'Self Service'
- Yes, as part of the enrolment policy there is an inbuilt administrator
I'll back a couple of steps, the machine in questions after the initial enrollment is not checking in with JAMF, i.e. when you look at application logs, policy logs, computer usage logs etc. I then had the use enter 'sudo jamf recon' in terminal and thats where the above error was occuring.
Are there any suggestions and or does it mean a full factory reset is required?
