macOS-enterprise-privileges
community-screenrecording-pppc-profile
| macOS-enterprise-privileges | community-screenrecording-pppc-profile | |
|---|---|---|
| 41 | 15 | |
| 1,243 | 169 | |
| 0.9% | - | |
| 4.1 | 4.4 | |
| 3 months ago | 2 months ago | |
| Objective-C | ||
| Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macOS-enterprise-privileges
- Administrator Accounts for Users
- Simple App to help Mac Admins
- Microsoft Enterprise SSO Plug-in and Tiered Accounts
-
MacOS user profile management inquiry
Also, if you need them to have admin rights, you can use something like https://github.com/SAP/macOS-enterprise-privileges
- MacOS: Grant temp admin rights to user from a Company Portal application
- Allow non-admins to manage Location Services
-
Can we hide the orange dot without disabling SIP?
> For technically-inclined users, I'm still largely unconvinced of the value of SIP.
Problem is technically-inclined users are the ones most likely to not be running "defense in depth" and therefore susceptible to zero days such as the H.264->code execution discussion earlier this week.
Arguably, technically-inclined users participating in the software supply chain should go beyond SIP and run in Lockdown mode permanently, both on the dev machine and any mobile devices used for MFA, or at the very least self-install SAP's "Privileges" or equivalent that requires a deliberate unlock to act as Administrator.
https://github.com/SAP/macOS-enterprise-privileges
This helps* prevent drive-bys with persistent payloads without the extra attack surface that is commercial AV or anti-malware.
* Helps prevent, not prevents.
- macOS privileges, quick and easy way to get administrator rights when needed
- Using an admin-account for daily work, really that bad?
- Admin rights and PAM
community-screenrecording-pppc-profile
- Automate allows permissions for certain apps
-
Getting around MacOS permissions in Intune
As for stuff like screen control, well yeah, macOS enforces the user clicking "allow" on a system level. There's a community .mobileconfig file you can upload to Intune. It won't auto-approve the screen share capability, but it does allow a standard admin to click Allow instead of needing admin.
- Screen Capture via Mac OS - No Admin Privileges
- How do I allow non admins to Screen-share from payload/profile in macOS via MDM (workspace one in my case)?
- Is it possible to push screen sharing settings to MacOS devices?
- 2 IT guys spent almost 2 hours to install Windows network shared printer on a Mac
- How can I disable screen recording permissions system-wide?
-
Is there any way to pre-approve Security/Privacy options for software?
Applying this profile will allow them to self approve screen recording for most apps: https://github.com/poundbangbash/community-screenrecording-pppc-profile/blob/master/ScreenRecording-All-Known-Test-Profile.mobileconfig
-
Screen Recording policy not applying to macOS
I'm trying to deploy this custom profile to my Macs managed by Intune but Intune says that this profile is not applicable to 100% of my machines.
-
Teams/Zoom - Automate allow of permissions?
This should help
What are some alternatives?
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
PPPC-Utility - Privacy Preferences Policy Control (PPPC) Utility
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
mvregex
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
ProfileCreator - macOS app to create standard or customized configuration profiles.
macOSLAPS - Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
rtrouton-recipes - Recipes for AutoPkg
LAPSforMac - Local Administrator Password Solution for Mac
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.
Installomator - Installation script to deploy standard software on Macs
dotfiles - macOS dotfiles for 10.13. Drawing upon the work of many others' dotfiles. Sets up Mac with home-brew, PHP 7.1 fish shell and more.