Description
We can use a Files & Processes command in a Jamf Pro policy to elevate the user.
Proceed with Caution: Granting administrative privileges to standard users can introduce security risks. Only elevate users when necessary and limit access to those who truly need it.
Creating a policy to permanently elevate users
In Jamf Pro, go to Computers > Policies and click New.
Configure display name and choose a policy trigger and execution frequency.
Add the Files & Processes payload.
Under Execute command paste
dseditgroup -o edit -a "$(who | awk '/console/{ print $1 }')" -t user admin
Brief explanation of the different command flags:
dseditgroup: This is the command to edit group membership in macOS.
-o edit: Specifies the operation. In this scenario, to edit.
-a "$(who | awk '/console/{ print $1 }')": Adds the currently logged-in user to the group.
-t user admin: Specifies that the resource being added is a user, and the target group is 'admin'.
Click Scope and add desired test computers or computer groups.
As with any script, we highly recommend testing on a small number of devices before deploying it in masse.
Click Save.