macOS-enterprise-privileges
macOSLAPS
| macOS-enterprise-privileges | macOSLAPS | |
|---|---|---|
| 41 | 27 | |
| 1,240 | 365 | |
| 0.6% | - | |
| 4.1 | 0.0 | |
| 3 months ago | about 1 year ago | |
| Objective-C | Swift | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macOS-enterprise-privileges
- Administrator Accounts for Users
- Simple App to help Mac Admins
- Microsoft Enterprise SSO Plug-in and Tiered Accounts
-
MacOS user profile management inquiry
Also, if you need them to have admin rights, you can use something like https://github.com/SAP/macOS-enterprise-privileges
- MacOS: Grant temp admin rights to user from a Company Portal application
- Allow non-admins to manage Location Services
-
Can we hide the orange dot without disabling SIP?
> For technically-inclined users, I'm still largely unconvinced of the value of SIP.
Problem is technically-inclined users are the ones most likely to not be running "defense in depth" and therefore susceptible to zero days such as the H.264->code execution discussion earlier this week.
Arguably, technically-inclined users participating in the software supply chain should go beyond SIP and run in Lockdown mode permanently, both on the dev machine and any mobile devices used for MFA, or at the very least self-install SAP's "Privileges" or equivalent that requires a deliberate unlock to act as Administrator.
https://github.com/SAP/macOS-enterprise-privileges
This helps* prevent drive-bys with persistent payloads without the extra attack surface that is commercial AV or anti-malware.
* Helps prevent, not prevents.
- macOS privileges, quick and easy way to get administrator rights when needed
- Using an admin-account for daily work, really that bad?
- Admin rights and PAM
macOSLAPS
-
Best practice for MacOS control + user experience in Intune. (Autopilot for Macs to Intune)
LAPS isn't natively supported but once again there's a third-party solution
- Simple App to help Mac Admins
-
Mac user password resets
As others have mentioned, a second account with admin privileges might be your best bet. If you're going to go that route, you may want to implement macoslaps along with that. Macoslaps randomizes the local admin password which comes in handy if you need to give the password to someone. It used to be only for Active Directory joined Macs but now can be used without an active directory (via MDM). Here's the link for more info: This goes on the clients - https://github.com/joshua-d-miller/macOSLAPS
-
Anyone know if macOSLAPS will work with the new Windows LAPS update Microsoft just announced?
We use MacOSLAPS on our Mac clients to randomize the admin password on those machines: https://github.com/joshua-d-miller/macOSLAPS
-
The Active Directory team has delivered LAPS natively to Windows 10 & 11, #WindowsServer 2019 & 2022 with this month’s Patch Tuesday!
And that implementation is why when I set this up at $oldJob I set the RemovePassChars key to all ambiguous characters I had run into on the Microsoft product.
-
First Post - a stupidly specific failure
I believe setting something like macOSLAPS up will also resolve the issue since the automatically created local account would authenticate and update it's password silently.
- is it possible to see what account made changes to the system?
-
Need advice for securing company laptops
There are a variety of alternatives, such as https://github.com/joshua-d-miller/macOSLAPS
- Create a standard account, no admin account
- Mac User accounts
What are some alternatives?
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
LAPSforMac - Local Administrator Password Solution for Mac
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
access-manager - Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
rtrouton-recipes - Recipes for AutoPkg
PPPC-Utility - Privacy Preferences Policy Control (PPPC) Utility
nudge - A tool for encouraging the installation of macOS security updates.
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.