Skip to main content

Elevate standard user to administrator permanently with Jamf Pro

Updated over a month ago

Description

We can use a Files & Processes command in a Jamf Pro policy to elevate the user.

Proceed with Caution: Granting administrative privileges to standard users can introduce security risks. Only elevate users when necessary and limit access to those who truly need it.

Creating a policy to permanently elevate users

  1. In Jamf Pro, go to Computers > Policies and click New.

  2. Configure display name and choose a policy trigger and execution frequency.

  3. Add the Files & Processes payload.

  4. Under Execute command paste dseditgroup -o edit -a "$(who | awk '/console/{ print $1 }')" -t user admin

    • Brief explanation of the different command flags:

      • dseditgroup: This is the command to edit group membership in macOS.

      • -o edit: Specifies the operation. In this scenario, to edit.

      • -a "$(who | awk '/console/{ print $1 }')": Adds the currently logged-in user to the group.

      • -t user admin: Specifies that the resource being added is a user, and the target group is 'admin'.

  5. Click Scope and add desired test computers or computer groups.

    • As with any script, we highly recommend testing on a small number of devices before deploying it in masse.

  6. Click Save.

Did this answer your question?