Our great sponsors
-
dotfiles
macOS dotfiles for 10.13. Drawing upon the work of many others' dotfiles. Sets up Mac with home-brew, PHP 7.1 fish shell and more. (by memco)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
macOS-enterprise-privileges
For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
Discussion from the last time this was posted in 2018 - https://news.ycombinator.com/item?id=18099835
Also the macOS Security and Privacy Guide may be of interest
https://github.com/drduh/macOS-Security-and-Privacy-Guide
as discussed on HN last year https://news.ycombinator.com/item?id=24242890
Here's a somewhat dated example of such a setup: https://github.com/memco/dotfiles. Basically, you just need the install.sh if all you care about is macOS preferences, but you can also add in something like the brewfile so that you can also install your apps. My brewfile leverages MAS so that I can install stuff from the app store in addition to what's available via brew. I haven't automated app preferences, but macOS and apps are just a clone, `./install.sh && brew bundle --file Brewfile` away.
See BLEUnlock[1] for a simple Bluetooth proximity lock solution for macOS or BusKill[2] for a cross-platform wired solution.
[1] https://github.com/ts1/BLEUnlock
[2] https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-k...
A well known macOS It developer created an app that can give you admin rights and take them away with an app.
https://github.com/SAP/macOS-enterprise-privileges
Essentially you can still be the admin on your account but this app can make you a general user. When you need to install anything, run the app and grant yourself temporary admin rights. If you deploy this to employees with a management system, you can define default reversion to general user. It addresses the need to not allow users to be admins all the time, grants only when the need it for installation.