10/30/2022 0 Comments Single app mode jamf pro![]() ![]() ![]() Instead of clicking the app to request elevated privileges, the ‘Toggle Privileges’ function via the Dock menu can be used to limit the use of Admin rights in time. ![]() Apart from locking the screen or going back to the Login Window (without logging out the user) the end user has the possibility to set a timer on his/her admin rights. Next, have a look at the Dock item on it’s own, and do a ctrl/right click on it. Harry Potter couldn’t do it any better with all his so called magic! Also check out the Dock item! How cool is that! What do you think? For what it’s worth, I love it! So let’s confirm it in Users & Groups… Admin, with just a press on a button… Sweet! #Single app mode jamf pro install… no prompt for Admin credentials to install the “Helper Tool” ! And we immediately get the notification that the Privileges have been granted. Let’s run it! Once installed, hit the icon in the Dock and click on “Request Privileges”… Self Service policy with the custom pkg, scoped to only those who need to become Admin! #Single app mode jamf pro proHowever, I also found the scripts alongside the recipes, so just to test this options as well, I repackaged ‘Privileges’ myself with composer and added the Post-Install script from Rich’s Github (Script by Marc Thielemann).īuilt the pkg, upload it to Jamf Pro and create a Self Service policy… don’t forget to add the Dock item ! Don’t forget the Dock Item! And just ignore the custom trigger… just used it for testing. I grabbed one of the recipes and used autopkg to get a nice pkg to deploy ‘Privileges’ with the automated installation of the ‘Helper Tools’. Bye bye admin rights as per default deployment, and then only give this app to those users who really need it.īut the prompt for the admin rights to install the “Helper Tools” was initially a little blocker, so MacAdmins Slack to the rescue! And before I lost any time trying to script it myself… Rich reminded me of his GitHub collection, which include some options to automate the process! I wanted to add this app to a workflow where I’d make all my end users ‘Standard Accounts’ (demote everyone, change the pre-stage enrolment to Standard Accounts, etc). First of all, when you run the default app for the first time, it asks for Admin rights to install the “Helper Tools”: But don’t worry nothing that can’t be fixed or tweaked. While it’s really a beautiful little tool, it does however have some limitations by design. While there might be other solutions available, such as scripting the elevated privileges via Self Service, the SAP privileges app makes it all possible without too much effort, and even when the end User is offline. The basic idea behind the app is to ensure that your end users, who need to be Admin for specific tasks, don’t use their Admin account while performing day to day tasks which don’t require Admin privileges at all. Nevertheless, Rich Trouton was so friendly to point me to his own Privileges scripts and recipes to enhance the deployment! This made it even easier to use! Thanks Rich! Within the limitations of the design of course. That said, there is no need to, as it just works as expected. You are welcome to make changes to improve it but we are not available for questions or support of any kind. This project is 'as-is' with no support, no changes being made. So, let’s not waste any time and dive right into it! Note: Little disclaimer from the SAP Github project page. I knew about the existence of this tool but never took the time to check it out… I want to spend some time testing some hidden or maybe less known gems that will make your life as a macAdmin a bit easier.Īnd the honour for the first awesome little tool I’d like to discuss goes to: SAP – Privileges. #Single app mode jamf pro seriesTime to add some variety to the blog, so I’m starting a series of post which I’ll mix in between other more mainstream topics. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |