macOS-enterprise-privileges
ProfileManifestsMirror
macOS-enterprise-privileges | ProfileManifestsMirror | |
---|---|---|
41 | 14 | |
1,240 | 153 | |
0.6% | 2.6% | |
4.1 | 3.4 | |
3 months ago | 5 months ago | |
Objective-C | Python | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macOS-enterprise-privileges
- Administrator Accounts for Users
- Simple App to help Mac Admins
- Microsoft Enterprise SSO Plug-in and Tiered Accounts
-
MacOS user profile management inquiry
Also, if you need them to have admin rights, you can use something like https://github.com/SAP/macOS-enterprise-privileges
- MacOS: Grant temp admin rights to user from a Company Portal application
- Allow non-admins to manage Location Services
-
Can we hide the orange dot without disabling SIP?
> For technically-inclined users, I'm still largely unconvinced of the value of SIP.
Problem is technically-inclined users are the ones most likely to not be running "defense in depth" and therefore susceptible to zero days such as the H.264->code execution discussion earlier this week.
Arguably, technically-inclined users participating in the software supply chain should go beyond SIP and run in Lockdown mode permanently, both on the dev machine and any mobile devices used for MFA, or at the very least self-install SAP's "Privileges" or equivalent that requires a deliberate unlock to act as Administrator.
https://github.com/SAP/macOS-enterprise-privileges
This helps* prevent drive-bys with persistent payloads without the extra attack surface that is commercial AV or anti-malware.
* Helps prevent, not prevents.
- macOS privileges, quick and easy way to get administrator rights when needed
- Using an admin-account for daily work, really that bad?
- Admin rights and PAM
ProfileManifestsMirror
-
Firefox Using Only Approved Exts/Add Ons
You can make custom profiles in Jamf using the same json imazing uses/same repo. This will give you access to all of the keys available in the software. I think the reason they say it’s not enterprise software is there is no central control like chrome or edge. https://github.com/Jamf-Custom-Profile-Schemas/ProfileManifestsMirror
-
Automating OneDrive Known Folder Move (KFM)
If you are using Jamf, this custom settings json should help with the vast majority of what you are wanting to do.
-
Onedrive Plist JAMF
It might be easier to use a custom settings json. Here is one from a source that Jamf featured on their blog last year.
-
Need PLIST to deploy Zoom to macs
You should look into using Custom Settings json files to handle this. Here's one from a Jamf recommended source that I use in my environment. It works really well, and it's much easier to understand at a glance than a plist is.
-
How do I edit plists using Xcode?
If you're using Jamf Pro, you may be better off using a Custom Settings JSON to apply these settings.
-
Anyone know how to disable screen time for macOS? We use Jamf pro so either a script or profile would work if anyone knows or can help .
Are you wanting to completely disable it or just skip it during initial sign in? This custom settings json should help with the latter, and if you then restrict access to the "Screen Time" preference pane that should be a roundabout way to fully disable it.
-
iCloud Desktop & Documents Sync Makes an Unkillable Desktop Folder
Rather than putting the energy towards this script, you should start working on how to deploy the official one. All of the config settings are available now. If you are using Jamf, you can even use this custom settings json to handle like 90% of the work. The only major thing to know in advance is that the settings "KFMOptInWithWizard" and "KFMSilentOptIn" are looking for your tenant ID.
-
Deploying Google Drive via MDM
If you're using Jamf, this custom settings json should help with managing most of those kinds of settings.
-
Thoughts on managing MS Defender on macOS
One and done setup, though a Custom Settings json file can really streamline any modifications you have to do down the line.
-
3CX PWA deployment with JAMF
I believe WebAppInstallForceList is the setting you are looking for. It looks like that is included in this custom settings json though I have not verified that it will work.
What are some alternatives?
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
ProfileCreator - macOS app to create standard or customized configuration profiles.
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
macOSLAPS - Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.
rtrouton-recipes - Recipes for AutoPkg
Installomator - Installation script to deploy standard software on Macs
LAPSforMac - Local Administrator Password Solution for Mac
kinobi - An external patch definition server for Jamf Pro
autopkg - Automating packaging and software distribution on macOS.