laurentpertois / temp-admin Goto Github PK

Hi !

First, I have not tried this yet but I use something similar (but more dirty script) at work.

My only feedback would be, as this should be scoped to users that are supposed to be standard and not admin, if, when we run the script, the user is (already) admin, shouldn't we give them $TEMPMINUTES of admin permissions but at the end demote them back to standard ?

(Asking for a friend)

We are having issues getting this to disable users from admin status as expected on macOS 12.
For com.apple.atrun we see:
defaults read /System/Library/LaunchDaemons/com.apple.atrun.plist
{
Disabled = 1;
Label = "com.apple.atrun";
ProgramArguments = (
"/usr/libexec/atrun"
);
StartInterval = 30;
Where the disabled flag is true.
are we missing something?

Hi Laurent! Your own Search-Scripts-In-Jamf script would flag this script for using python2 to obtain the current user :)

A simple switch to the common scutil method will sort that.

When I use this script in client , I found a problem , Admin already but nothing change in revoking the Current User Admin privileges. I had tried many times , you know , but it didn't work well ! I had change the time to 1 minutes and the result is as useless as before.