MakeMeAnAdmin
macOS-enterprise-privileges
Our great sponsors
MakeMeAnAdmin | macOS-enterprise-privileges | |
---|---|---|
11 | 41 | |
244 | 1,236 | |
2.5% | 2.5% | |
0.0 | 4.1 | |
3 months ago | 3 months ago | |
Shell | Objective-C | |
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MakeMeAnAdmin
-
MakeMeAdmin (MacOSX)
im trying to use the MakeMeAdmin for MacOSX ( GitHub - jamf/MakeMeAnAdmin: Provides temporary admin access for a standard user via Jamf Self Service )
- Allow macOS-User to edit networksettings over MDM (Microsoft Intune)
-
MacOS: Grant temp admin rights to user from a Company Portal application
I'm looking for some solution to grant user temp admin rights (for example 10 minutes). I tried to do this similarly as I do it with Jamf, take that script, pack it as a .pkg*, and allow users to install it to get 10 minutes of local admin. With Jamf it works like a charm, tests with manual installation are positive too (manual I mean run it as a root on my test MacBook). Unfortulently Intune deployment won't work. It stops at downloading status and nothing happens. To create an installation package I use Jamf Composer.
- Which policies, profiles, scripts, apps and packages do you consider must-have?
-
Running make me an admin script via Jamf self service?
My school MacBook used to have a make me an admin command in Self Service, but for obvious reason it was removed. I have seen a few other kids use a script to route presumably https://github.com/jamf/MakeMeAnAdmin through self service allowing it to execute a sudo command. When I try to run the script on it’s own it asks for a Sudo password which I obviously don’t have. Does anybody know how I could write this script or know how to get this script to run? Thanks
- Self service
-
Help with Geekquixotic's MakeMeAnAdmin Script
Before the release of Monterey, I was experimenting with krypted's MakeMeAnAdmin script. After the release of Monterey, I started noticing issues with the script, especially when executed on Apple Silicon Macs. Then, I discovered geekquixotic's MakeMeAnAdmin Script. The script seems to work very well for elevation and removal of privileges, but I'm having some trouble getting the logging and the group removal feature working. I'm hoping someone else uses this variation of MakeMeAnAdmin and can help me figure out what I might be doing wrong.
- How to empower 3rd Party Service Desk without compromising security?
-
‘Self-Destructive’ LaunchDaemon & Script?
For a real-world example, look at Jamf’s own “MakeMeAnAdmin” script (https://github.com/jamf/MakeMeAnAdmin/blob/master/MakeMeAnAdmin.sh). This is designed to do exactly what I describe above, but it doesn’t work for me on Monterey or on Big Sur. The LaunchDaemon is never actually removed from /Library/LaunchDaemons after it gets unloaded and the script is not deleted either.
- Deploying legacy Xcode version through JAMF?
macOS-enterprise-privileges
- Administrator Accounts for Users
- Simple App to help Mac Admins
- Microsoft Enterprise SSO Plug-in and Tiered Accounts
-
MacOS user profile management inquiry
Also, if you need them to have admin rights, you can use something like https://github.com/SAP/macOS-enterprise-privileges
- MacOS: Grant temp admin rights to user from a Company Portal application
- Allow non-admins to manage Location Services
-
Can we hide the orange dot without disabling SIP?
> For technically-inclined users, I'm still largely unconvinced of the value of SIP.
Problem is technically-inclined users are the ones most likely to not be running "defense in depth" and therefore susceptible to zero days such as the H.264->code execution discussion earlier this week.
Arguably, technically-inclined users participating in the software supply chain should go beyond SIP and run in Lockdown mode permanently, both on the dev machine and any mobile devices used for MFA, or at the very least self-install SAP's "Privileges" or equivalent that requires a deliberate unlock to act as Administrator.
https://github.com/SAP/macOS-enterprise-privileges
This helps* prevent drive-bys with persistent payloads without the extra attack surface that is commercial AV or anti-malware.
* Helps prevent, not prevents.
- macOS privileges, quick and easy way to get administrator rights when needed
- Using an admin-account for daily work, really that bad?
- Admin rights and PAM
What are some alternatives?
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
nudge - A tool for encouraging the installation of macOS security updates.
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
xcode-install - 🔽 Install and update your Xcodes
macOSLAPS - Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
rtrouton-recipes - Recipes for AutoPkg
LAPSforMac - Local Administrator Password Solution for Mac
MakeMeAnAdmin - Provide temporary admin access to standard users.