NoMADLogin-AD
macOS-enterprise-privileges
NoMADLogin-AD | macOS-enterprise-privileges | |
---|---|---|
6 | 41 | |
46 | 1,243 | |
- | 0.9% | |
0.0 | 4.1 | |
4 months ago | 3 months ago | |
Swift | Objective-C | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
NoMADLogin-AD
- Migrating away from AD Binding: Challanges with Creating Accounts on Shared Macs
- Simple App to help Mac Admins
-
iMac Ventura in a complete AD environment, domain joined but can't access with different users
Try nomad login - https://github.com/jamf/NoMADLogin-AD
-
Payload "Login Items"
Jamf moved the active NoLoAD repository over to Github a while back. https://github.com/jamf/NoMADLogin-AD/
-
NoMAD Login AD 1.4 Multiplatform Installer
Hmmm, the download link here gets you 1.4, not sure if it's the multiplatform though. https://github.com/jamf/NoMADLogin-AD
macOS-enterprise-privileges
- Administrator Accounts for Users
- Simple App to help Mac Admins
- Microsoft Enterprise SSO Plug-in and Tiered Accounts
-
MacOS user profile management inquiry
Also, if you need them to have admin rights, you can use something like https://github.com/SAP/macOS-enterprise-privileges
- MacOS: Grant temp admin rights to user from a Company Portal application
- Allow non-admins to manage Location Services
-
Can we hide the orange dot without disabling SIP?
> For technically-inclined users, I'm still largely unconvinced of the value of SIP.
Problem is technically-inclined users are the ones most likely to not be running "defense in depth" and therefore susceptible to zero days such as the H.264->code execution discussion earlier this week.
Arguably, technically-inclined users participating in the software supply chain should go beyond SIP and run in Lockdown mode permanently, both on the dev machine and any mobile devices used for MFA, or at the very least self-install SAP's "Privileges" or equivalent that requires a deliberate unlock to act as Administrator.
https://github.com/SAP/macOS-enterprise-privileges
This helps* prevent drive-bys with persistent payloads without the extra attack surface that is commercial AV or anti-malware.
* Helps prevent, not prevents.
- macOS privileges, quick and easy way to get administrator rights when needed
- Using an admin-account for daily work, really that bad?
- Admin rights and PAM
What are some alternatives?
ProfileCreator - macOS app to create standard or customized configuration profiles.
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
macOSLAPS - Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
nudge - A tool for encouraging the installation of macOS security updates.
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
munki - Managed software installation for macOS —
rtrouton-recipes - Recipes for AutoPkg
LAPSforMac - Local Administrator Password Solution for Mac
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.
Installomator - Installation script to deploy standard software on Macs