macOS-enterprise-privileges
rtrouton-recipes
| macOS-enterprise-privileges | rtrouton-recipes | |
|---|---|---|
| 41 | 3 | |
| 1,240 | 126 | |
| 0.6% | 0.0% | |
| 4.1 | 7.6 | |
| 3 months ago | about 1 month ago | |
| Objective-C | Python | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macOS-enterprise-privileges
- Administrator Accounts for Users
- Simple App to help Mac Admins
- Microsoft Enterprise SSO Plug-in and Tiered Accounts
-
MacOS user profile management inquiry
Also, if you need them to have admin rights, you can use something like https://github.com/SAP/macOS-enterprise-privileges
- MacOS: Grant temp admin rights to user from a Company Portal application
- Allow non-admins to manage Location Services
-
Can we hide the orange dot without disabling SIP?
> For technically-inclined users, I'm still largely unconvinced of the value of SIP.
Problem is technically-inclined users are the ones most likely to not be running "defense in depth" and therefore susceptible to zero days such as the H.264->code execution discussion earlier this week.
Arguably, technically-inclined users participating in the software supply chain should go beyond SIP and run in Lockdown mode permanently, both on the dev machine and any mobile devices used for MFA, or at the very least self-install SAP's "Privileges" or equivalent that requires a deliberate unlock to act as Administrator.
https://github.com/SAP/macOS-enterprise-privileges
This helps* prevent drive-bys with persistent payloads without the extra attack surface that is commercial AV or anti-malware.
* Helps prevent, not prevents.
- macOS privileges, quick and easy way to get administrator rights when needed
- Using an admin-account for daily work, really that bad?
- Admin rights and PAM
rtrouton-recipes
-
SAP Privileges helper tool question?
It doesn't look like the default recipe for Privileges has an install or post install script. Which do you use? https://github.com/autopkg/rtrouton-recipes/blob/master/Privileges/Privileges.munki.recipe
-
Issues With Configuring & Deploying SAP macOS Enterprise Privileges App
Package building. I don't have access to our AutoPkgr setup, so for now I am using Jamf Composer to build it with the same pre and post-install scripts as rtrouton's AutoPkgr recipe. When I build it this way by hand, the icon showing admin status never changes. If I run the postinstall script manually after installing, the icon changes just fine. Is this just a quirk of me attempting to hand build something designed to be automated?
- Possibe to preconfigure SAP Privileges 'Helper Tool'?
What are some alternatives?
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
macOSLAPS - Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
LAPSforMac - Local Administrator Password Solution for Mac
MakeMeAdminPy - Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.
Installomator - Installation script to deploy standard software on Macs
community-screenrecording-pppc-profile - Management profile for MDM of all community provided apps that use ScreenRecording on macOS
dotfiles - macOS dotfiles for 10.13. Drawing upon the work of many others' dotfiles. Sets up Mac with home-brew, PHP 7.1 fish shell and more.
PrivilegesDemoter - Allow users to self manage admin privileges, while reminding them to operate as standard whenever possible.
BLEUnlock - Lock/unlock your Mac with your iPhone, Apple Watch, or any other Bluetooth LE devices