Jamf Nation Community

What are your expectations of what the DockToggleTimeout setting does? The reason I'm asking is that the DockToggleTimeout setting sets a fixed timeout, in minutes, for the Dock tile's Toggle Privileges command.

Otherwise, there is no time limit on the admin rights granted by Privileges.app. Admin rights are granted until some process (like running Privileges.app again) takes them away.

My hope was to set the DockToggleTimeout via configuration profile so that users are only given admin rights for that set amount of time by using the "Toggle privileges" option. I'd set a software restriction in Jamf to prevent the user from opening the app "normally" and giving them self indefinite admin rights, but perhaps that will also prevent the Privileges app from performing the toggle function.

Toggle privileges function is actually handled by the PrivilegesCLI, so you should be fine killing the exact process of Privileges leaving the CLI one intact. Of course if your end users figure out the CLI, they will be able to set themselves admins permanently anyway, but I guess all temporarily elevating solutions out there depend on some kind of a trust to your end users, right? 🤓.

Still, what you thought is possible with DockToggleTimeout is I think a quite common misconception — one I've initially shared as well when approaching the app for the very first time — and it's a shame there's no way to force the app to always enter the timeout mode and then even add a Reason prompt to the mix. The CP–configurable settings seem almost like excluding one another. There's a similar requests via PR on SAP's git, but it doesn't feel easy to provide feedback there without issues reporting. But this may change, as we have Rick here with us 😝.

Otherwise a great app with a simple, nice UX 👍🏼.

Has anyone had success with the DockToggleTimeout in a profile? I made a profile with a few settings (see below), and I get prompted for a reason, and I have to authenticate, however it does not timeout after 1 minute. I also notice the icon does not change to the managed icon like it should according to the documentation.

@PhillyPhoto ,

What are your expectations of what the DockToggleTimeout setting does? The reason I'm asking is that the DockToggleTimeout setting sets a fixed timeout, in minutes, for the Dock tile's Toggle Privileges command.

If the expectation is that Privileges will time-out admin rights outside of using Toggle Privileges, that's not what will happen. Admin rights are granted until some process (like running Privileges again) takes them away.

Also, the DockToggleTimeout setting does not cause the managed icon to appear (this is mentioned in the documentation.) I haven't tried this particular combination before, but please try removing the DockToggleTimeout setting from the profile and see if you now get the managed icon.

@rtrouton I don't know why it hasn't "clicked" before now, but I think I understand the purpose of the timeout. Is there a plan to add a "revert timeout" type setting in the future to have it built-in?

I removed the timeout, but I'm still not getting the managed icons. I do see that the right click toggle is completely disabled now, and I'm assuming that is because I require authentication and a reason so it can't be toggled quickly?

The disabling of the Toggle privileges function is because either the ReasonRequired or the RequireAuthentication setting is being managed. If you refer to the documentation, you should see these notes along with the ReasonRequired and the RequireAuthentication sections:

• Note: If setting ReasonRequired, the Toggle Privileges option is automatically disabled.
• Note: If setting RequireAuthentication, the Toggle Privileges option is automatically disabled.