-
For a real-world example, look at Jamf’s own “MakeMeAnAdmin” script (https://github.com/jamf/MakeMeAnAdmin/blob/master/MakeMeAnAdmin.sh). This is designed to do exactly what I describe above, but it doesn’t work for me on Monterey or on Big Sur. The LaunchDaemon is never actually removed from /Library/LaunchDaemons after it gets unloaded and the script is not deleted either.
-
macOS-enterprise-privileges
For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as installing or removing an application.
Also, have you looked into the macOS Enterprise Privileges app? It may be an easier route than the one you're taking, and it can be configured using Jamf's Custom Settings JSON stuff.
-
ProfileManifestsMirror
Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
Also, have you looked into the macOS Enterprise Privileges app? It may be an easier route than the one you're taking, and it can be configured using Jamf's Custom Settings JSON stuff.
-
MakeMeAdminPy
Updated MakeMeAdmin workflow, now converted to Python, with violation checking if additional accounts get created during the user's time as a temporary admin.
https://github.com/kc9wwh/MakeMeAdminPy is the one I have been using. The only issue I have run into is having it check the organizational admin account password. But it downgrades any admin accounts created with the privileges and adds them to a smartgroup in Jamf Pro which I have email notifications set up for. Not sure if this helps any.