Temporarily Elevate Users to Admin

New Contributor III

Hi everyone
I need your help, the answers on JAMF Nation to similar issues are not working. I have an application that I need to update called Tunnelblick (an open source VPN app). Once you update the app, it requires admin privileges on first launch to change system settings. I am trying to elevate my users to admin temporaily using the dseditgroup -o edit -a $loggedInUser -t user admin I have tried this as a shell script and run command from the advanced tab when creating a policy. I have also tried $CurrentUser in the syntax and tried using quotes. I am just not that good with shell scripts. My predicament is the fact that all my users are local to each machine with different names, and no directory services. What am I doing wrong with the script? It works if I input a single users name into the syntax but I need it to work for the current user on 110+ systems.
This is such an emergency because of the Heart Bleed ssl vulnerability. Once I get this to work. I can push the app to theirs systems and give them 5 minutes to launch the app for the first time before invoking a restart which would trigger another policy on reboot to remove admin privileges.
All systems are running 10.8.5
Thank you all in advance for your help



Hi you may want to check out this article https://jamfnation.jamfsoftware.com/discussion.html?id=1296

As they recommend in that article

CurrentUser=ls -l /dev/console | cut -d " " -f 4 and then refer to it with $CurrentUser