MakeMeAnAdmin
macOSLAPS
Our great sponsors
MakeMeAnAdmin | macOSLAPS | |
---|---|---|
11 | 27 | |
244 | 365 | |
2.5% | - | |
0.0 | 0.0 | |
3 months ago | about 1 year ago | |
Shell | Swift | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MakeMeAnAdmin
-
MakeMeAdmin (MacOSX)
im trying to use the MakeMeAdmin for MacOSX ( GitHub - jamf/MakeMeAnAdmin: Provides temporary admin access for a standard user via Jamf Self Service )
- Allow macOS-User to edit networksettings over MDM (Microsoft Intune)
-
MacOS: Grant temp admin rights to user from a Company Portal application
I'm looking for some solution to grant user temp admin rights (for example 10 minutes). I tried to do this similarly as I do it with Jamf, take that script, pack it as a .pkg*, and allow users to install it to get 10 minutes of local admin. With Jamf it works like a charm, tests with manual installation are positive too (manual I mean run it as a root on my test MacBook). Unfortulently Intune deployment won't work. It stops at downloading status and nothing happens. To create an installation package I use Jamf Composer.
- Which policies, profiles, scripts, apps and packages do you consider must-have?
-
Running make me an admin script via Jamf self service?
My school MacBook used to have a make me an admin command in Self Service, but for obvious reason it was removed. I have seen a few other kids use a script to route presumably https://github.com/jamf/MakeMeAnAdmin through self service allowing it to execute a sudo command. When I try to run the script on it’s own it asks for a Sudo password which I obviously don’t have. Does anybody know how I could write this script or know how to get this script to run? Thanks
- Self service
-
Help with Geekquixotic's MakeMeAnAdmin Script
Before the release of Monterey, I was experimenting with krypted's MakeMeAnAdmin script. After the release of Monterey, I started noticing issues with the script, especially when executed on Apple Silicon Macs. Then, I discovered geekquixotic's MakeMeAnAdmin Script. The script seems to work very well for elevation and removal of privileges, but I'm having some trouble getting the logging and the group removal feature working. I'm hoping someone else uses this variation of MakeMeAnAdmin and can help me figure out what I might be doing wrong.
- How to empower 3rd Party Service Desk without compromising security?
-
‘Self-Destructive’ LaunchDaemon & Script?
For a real-world example, look at Jamf’s own “MakeMeAnAdmin” script (https://github.com/jamf/MakeMeAnAdmin/blob/master/MakeMeAnAdmin.sh). This is designed to do exactly what I describe above, but it doesn’t work for me on Monterey or on Big Sur. The LaunchDaemon is never actually removed from /Library/LaunchDaemons after it gets unloaded and the script is not deleted either.
- Deploying legacy Xcode version through JAMF?
macOSLAPS
-
Best practice for MacOS control + user experience in Intune. (Autopilot for Macs to Intune)
LAPS isn't natively supported but once again there's a third-party solution
- Simple App to help Mac Admins
-
Mac user password resets
As others have mentioned, a second account with admin privileges might be your best bet. If you're going to go that route, you may want to implement macoslaps along with that. Macoslaps randomizes the local admin password which comes in handy if you need to give the password to someone. It used to be only for Active Directory joined Macs but now can be used without an active directory (via MDM). Here's the link for more info: This goes on the clients - https://github.com/joshua-d-miller/macOSLAPS
-
Anyone know if macOSLAPS will work with the new Windows LAPS update Microsoft just announced?
We use MacOSLAPS on our Mac clients to randomize the admin password on those machines: https://github.com/joshua-d-miller/macOSLAPS
-
The Active Directory team has delivered LAPS natively to Windows 10 & 11, #WindowsServer 2019 & 2022 with this month’s Patch Tuesday!
And that implementation is why when I set this up at $oldJob I set the RemovePassChars key to all ambiguous characters I had run into on the Microsoft product.
-
First Post - a stupidly specific failure
I believe setting something like macOSLAPS up will also resolve the issue since the automatically created local account would authenticate and update it's password silently.
- is it possible to see what account made changes to the system?
-
Need advice for securing company laptops
There are a variety of alternatives, such as https://github.com/joshua-d-miller/macOSLAPS
- Create a standard account, no admin account
- Mac User accounts
What are some alternatives?
macOS-enterprise-privileges - For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
LAPSforMac - Local Administrator Password Solution for Mac
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.
access-manager - Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.
nudge - A tool for encouraging the installation of macOS security updates.
xcode-install - 🔽 Install and update your Xcodes
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
PPPC-Utility - Privacy Preferences Policy Control (PPPC) Utility
MakeMeAnAdmin - Provide temporary admin access to standard users.