‘Self-Destructive’ LaunchDaemon & Script?

This page summarizes the projects mentioned and recommended in the original post on /r/macsysadmin

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • MakeMeAnAdmin

    Provides temporary admin access for a standard user via Jamf Self Service

    For a real-world example, look at Jamf’s own “MakeMeAnAdmin” script (https://github.com/jamf/MakeMeAnAdmin/blob/master/MakeMeAnAdmin.sh). This is designed to do exactly what I describe above, but it doesn’t work for me on Monterey or on Big Sur. The LaunchDaemon is never actually removed from /Library/LaunchDaemons after it gets unloaded and the script is not deleted either.

  • macOS-enterprise-privileges

    For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.

    Also have you looked into the macOS Enterprise Privileges app? It may be an easier route than the one you're taking, and it can be configured using Jamf's Custom Settings json stuff

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • ProfileManifestsMirror

    Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)

    Also have you looked into the macOS Enterprise Privileges app? It may be an easier route than the one you're taking, and it can be configured using Jamf's Custom Settings json stuff

  • MakeMeAdminPy

    Updated MakeMeAdmin workflow now converted to Python with violation checking if additional accounts get created during the users time as a temporary admin.

    https://github.com/kc9wwh/MakeMeAdminPy is the one I have been using. The only issue I have run into is having it check the organizational admin account password. But it downgrades any admin accounts created with the privileges and adds them to a smartgroup in Jamf Pro which I have email notifications set up for. Not sure if this helps any.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts