Posted on 09-08-2011 09:49 AM
Is there a way to allow a standard, non admin user to use Time Machine if they want? Right now, they have to unlock the preference pane to setup Time Machine.
Jamie Bell
Apple Technology Administrator
The Westminster Schools
Ph: 404-609-6345
Posted on 09-08-2011 10:33 AM
I'm not sure if this will help, but the script in the link edits /etc/authorization to allow all users to unlock each secure preference pane..
So, if you're looking them down.. this may help.
http://macmule.com/2010/11/18/unlock-each-secure-system-preference-allow-all-users-to-unlock/
Posted on 02-19-2014 01:34 PM
Out of curiosity, has anyone tried @bentoms script lately? I have recently had a need to do such a thing, and i couldn't get it to work on a test box, and wondered if there was a config change under 10.9 blocking this?
Posted on 02-19-2014 01:39 PM
@easyedc, I've been meaning to update that.
Look @ http://derflounder.wordpress.com/2014/02/16/managing-the-authorization-database-in-os-x-mavericks//
Posted on 02-20-2014 07:22 AM
thanks @bentoms that did the trick. Der Flounder (and you!) are such great resources out here.
Posted on 04-22-2016 07:12 AM
All our seniors take their MBP's with them upon graduation. We need them to back their data up before we wipe and re-image with a clean copy of 10.10.5.
!/bin/bash
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.timemachine allow
Corbin
Posted on 11-21-2016 06:20 AM
@corbinmharris Do you just put the two commands into a script and then deploy it? I just want users to be able to restore files and be able to control their time machines. This will not give them full system preferences correct?
Posted on 11-22-2016 04:50 AM
@TylerC In short: Yes. Include those two lines in a script and your users (ALL USES of that unit) will have access to that preference pane, and nothing additional (i.e. network, etc). We include several more items in our FirstRun script such as:
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.datetime allow
security authorizationdb write system.preferences.timemachine allow
security authorizationdb write system.preferences.energysaver allow
security authorizationdb write system.preferences.printing allow
security authorizationdb write system.print.operator allow
Posted on 11-22-2016 06:39 AM
In addition to the time machine preference pane they also need to be able to do file restores from it. Will this allow them to preform this task as-well?
I did see that you had a few printing options in there. Currently we are giving all users lpadmin privileges in order to manage printer settings. Would the use of this script work as -well?
Will this override my configuration profile restrictions then?
EDIT: Looks like it is working so far and not overwriting anything. I am going to test it some more and hopefully deploy it.
Posted on 11-23-2016 05:13 AM
@TylerC Profiles should win any battle between them, but I don't have any conflicting profiles in production so... Also, this is part of a much broader First Run Script. When talking printer's I also include
# Add all users to dseditgroup and give all print privledges
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
/usr/bin/defaults write /System/Library/LaunchAgents/com.apple.printuitool.agent.plist Disabled -bool YES
/usr/bin/defaults write /System/Library/LaunchAgents/com.apple.printuitool.agent.plist EnableTransactions -bool NO
# Expand print panel by default
/usr/bin/defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
/usr/bin/defaults write NSGlobalDomain PMPrintingExpandedStateForPrint2 -bool true
# Expand save panel by default
/usr/bin/defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
/usr/bin/defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode2 -bool true
Adding them to the lpadmin group also allows printer installation/management from non-System preferences locations, like print dialog boxes. That said, I haven't done a lot of experimentation on this lately. Perhaps these are redundant to a point.
(If some of you recognise these lines, they come from a FRScript developed over time by both Rich Trouton and John Wojda. As any good jamfAdmin, I've taken their FRScripts as a base and modified them for our environment.
Posted on 02-10-2021 05:08 AM
/usr/bin/security authorizationdb write system.preferences.timemachine allow
Does not seems to work under Big Sur with M1 Macs, any known workaround ?