
temp-admin's Introduction

Temp-Admin

Script to give admin privileges for a few minutes, then remove them from the user and from other accounts

With this script executed from Jamf Self Service (or probably any other management tool that can let users execute scripts), users get temporary admin privileges for the amount of time you choose (default is 10 minutes).

After the time has expired, a second script runs to remove admin privileges from the user and also from any user account created as an admin after the first script was launched. New admin accounts are discovered by comparing the list of admins before and after, even if they have a low UID (<501).
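The before/after comparison described above, as an added example (not the project's own script). The function names and the snapshot path are hypothetical, and it assumes the script is installed at a persistent path so the `at` job can call it again.

```shell
#!/bin/sh
# Added example: before/after admin comparison. Not the project's script;
# function names and the snapshot path are hypothetical.
SNAPSHOT=/private/var/root/.temp-admin-before   # hypothetical root-only location

# Members of the local admin group, one per line (macOS dscl).
list_admins() {
    dscl . -read /Groups/admin GroupMembership |
        sed 's/^GroupMembership://' | tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# Names in file $2 ("after") that are absent from file $1 ("before").
# FILENAME is compared instead of NR==FNR so an empty "before" file works.
new_admins() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         NF && !($0 in seen)' "$1" "$2"
}

# Accounts to demote: the elevated user plus every admin added since the snapshot.
demotion_list() {   # $1 = user, $2 = before file, $3 = after file
    { printf '%s\n' "$1"; new_admins "$2" "$3"; } | sort -u
}

# Part 1: snapshot the admin group, elevate the user, schedule part 2 with at(1).
grant() {           # $1 = user, $2 = minutes, $3 = path to this script
    list_admins > "$SNAPSHOT"
    dseditgroup -o edit -a "$1" -t user admin
    echo "/bin/sh '$3' revoke '$1'" | at now + "$2" minutes
}

# Part 2: diff against the snapshot and remove every listed account from admin.
revoke() {          # $1 = user
    after=$(mktemp) || return 1
    list_admins > "$after"
    demotion_list "$1" "$SNAPSHOT" "$after" | while read -r name; do
        dseditgroup -o edit -d "$name" -t user admin
    done
    rm -f "$after" "$SNAPSHOT"
}

case "${1:-}" in
    grant)  grant "$2" "${3:-10}" "$0" ;;
    revoke) revoke "$2" ;;
esac
```

Because the comparison is by group membership rather than by UID, an account with a UID below 501 that was added during the window is still picked up.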

This script requires 1 parameter:

  • Number of minutes during which a user is an admin (default is 10 minutes)

The script is a simple Self Service policy that can be allowed at any time or restricted using execution frequency and/or scoping.

A simple icon is provided for use in Self Service if you want.

Changes

This is a new version of the script previously published. It no longer requires manually excluding an admin in the parameters, and it also finds admins that would be hidden.

A PPPC (Privacy Preferences Policy Control), aka TCC, configuration profile is now required to give the atrun command access to the disk. An example is provided.

Things to know...

This script uses the "at" command to execute the second part of the action (removal of admin privileges and remediation of admins created after the launch). This means the removal could potentially be blocked by stopping the "at" Launchd element.
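Since the revocation depends on atrun, a pre-flight check can refuse to elevate when the job would never fire. This is an added example, not part of the project; the function names are hypothetical, and it assumes `launchctl print-disabled system` reports each override as either `true`/`false` or `disabled`/`enabled`.

```shell
#!/bin/sh
# Added example: fail closed when the "at" runner cannot execute the revocation.
# Function names are hypothetical; the accepted value styles are an assumption.

# Classify com.apple.atrun from `launchctl print-disabled system` output on stdin.
# Prints: enabled | disabled | unlisted (no override; the plist's Disabled key applies).
atrun_state() {
    awk -F'=>' '/"com\.apple\.atrun"/ {
        v = $2; gsub(/[^a-z]/, "", v)
        if (v == "true" || v == "disabled") s = "disabled"
        else if (v == "false" || v == "enabled") s = "enabled"
    } END { print (s == "" ? "unlisted" : s) }'
}

# Return non-zero unless atrun is explicitly enabled, so the caller can stop
# before adding the user to the admin group.
preflight() {
    state=$(launchctl print-disabled system | atrun_state)
    if [ "$state" != "enabled" ]; then
        echo "com.apple.atrun is $state; not granting admin" >&2
        return 1
    fi
}

# After scheduling, confirm that a job is actually queued for root.
revocation_queued() {
    [ -n "$(atq)" ]
}
```

Call `preflight` before the elevation step and `revocation_queued` right after the `at` call; if either fails, remove the admin rights immediately instead of waiting.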

Similar projects

My friend Sebastien Del Saz Alvarez used this script and added a feature to request a PIN code generated by the script and stored in Jamf Pro:

https://github.com/Sdelsaz/PIN-for-Admin

temp-admin's People

Contributors

laurentpertois

temp-admin's Issues

Use of python2 to obtain current user

Hi Laurent! Your own Search-Scripts-In-Jamf script would flag this script for using python2 to obtain the current user :)

A simple switch to the common scutil method will sort that.

Invalid in using it with JAMF Self Service!

When I use this script in client, I found a problem: Admin already, but nothing changes in revoking the Current User Admin privileges. I had tried many times, you know, but it didn't work well! I had changed the time to 1 minute and the result is as useless as before.

Demoting to standard user if it was already admin

Hi!

First, I have not tried this yet but I use something similar (but more dirty script) at work.

My only feedback would be, as this should be scoped to users that are supposed to be standard and not admin, if, when we run the script, the user is (already) admin, shouldn't we give them $TEMPMINUTES of admin permissions but at the end demote them back to standard?

(Asking for a friend)

com.apple.atrun appears to be configured as disabled in macOS 12...

We are having issues getting this to disable users from admin status as expected on macOS 12.
For com.apple.atrun we see:

    defaults read /System/Library/LaunchDaemons/com.apple.atrun.plist
    {
        Disabled = 1;
        Label = "com.apple.atrun";
        ProgramArguments = (
            "/usr/libexec/atrun"
        );
        StartInterval = 30;

Where the disabled flag is true.
Are we missing something?
