Script to revoke/give Admin rights to Standard user in Mac
Administrative privileges are necessary for making system-wide changes like adding/managing users, adding/deleting programs etc. Using the following scripts, you can revoke or grant admin rights to a user through Hexnode.
Revoking admin rights of an account
```sh
#!/bin/sh
# Username is passed as the first script argument
USERNAME="$1"

# Remove the user from the local admin group
sudo dseditgroup -o edit -d "$USERNAME" -t user admin
errcode=$?

if [ "$errcode" -ne 0 ]; then
    echo ""
    echo "Failed"
    echo ""
    exit 1
fi

echo "Admin rights revoked for user $USERNAME"
```
Giving admin rights to a standard account
```sh
#!/bin/sh
# Username is passed as the first script argument
USERNAME="$1"

# Add the user to the local admin group
sudo /usr/sbin/dseditgroup -o edit -a "$USERNAME" -t user admin
errcode=$?

if [ "$errcode" -ne 0 ]; then
    echo ""
    echo "Failed with errorcode $errcode"
    echo ""
    exit 1
fi
```
Give admin rights to a standard account for 30 minutes
```bash
#!/bin/bash
osascript -e 'display dialog "You have now been granted administrator rights for 30 minutes. Please do not misuse this privilege." buttons {"Make me an admin"} default button 1'

currentUser="$1"
echo "$currentUser"

#Create the plist
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist Label -string "removeAdmin"

#Add program argument to have it run the update script
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist ProgramArguments -array -string /bin/sh -string "/Library/Application Support/HexnodeMDM/removeAdminRights.sh"

#Set the start interval to 30 minutes (1800 seconds); without it the daemon only runs at load
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist StartInterval -integer 1800

#Set run at load
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist RunAtLoad -boolean yes

#Set ownership
sudo chown root:wheel /Library/LaunchDaemons/removeAdmin.plist
sudo chmod 644 /Library/LaunchDaemons/removeAdmin.plist

#Load the daemon
launchctl load /Library/LaunchDaemons/removeAdmin.plist
sleep 10

#Record the user whose admin rights must be removed later
mkdir -p /private/var/userToRemove
echo "$currentUser" >> /private/var/userToRemove/user

#Grant admin rights
/usr/bin/dscl . -append /Groups/admin GroupMembership "$currentUser"

#Write the script that the daemon runs to remove the rights again
cat << 'EOF' > /Library/Application\ Support/HexnodeMDM/removeAdminRights.sh
if [ -f /private/var/userToRemove/user ]; then
    userToRemove=$(cat /private/var/userToRemove/user)
    echo "Removing admin privileges of $userToRemove -"
    /usr/bin/dscl . -delete /Groups/admin GroupMembership $userToRemove
    rm -f /private/var/userToRemove/user
    launchctl unload /Library/LaunchDaemons/removeAdmin.plist
    rm /Library/LaunchDaemons/removeAdmin.plist
fi
EOF

exit 0
```
Provide the username as the argument when executing the script through the portal.
After executing the script, the device (logged in with the given user account) displays the prompt “You have now been granted administrator rights for 30 minutes. Please do not misuse this privilege.” The user has to click the ‘Make me an admin’ button to obtain admin privileges.
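To confirm that a timed grant was rolled back, the admin group can be compared against an allowlist and the pending-removal file that the 30-minute script writes. This is an added example, not Hexnode's code; the function names, the allowlist and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify members of the macOS admin group after the
# grant/revoke scripts have run. Function names and sample data are constructed.

# classify_admins MEMBERSHIP ALLOWED PENDING_FILE
#   MEMBERSHIP   output of: dscl . -read /Groups/admin GroupMembership
#   ALLOWED      space-separated accounts that should always be admins (assumed policy)
#   PENDING_FILE file the timed script writes, one username per line
# Prints "<status> <user>" per member: allowed, temporary or unexpected.
classify_admins() {
    membership=${1#GroupMembership:}    # drop the key that dscl prints
    allowed=" $2 "
    pending_file=$3
    for user in $membership; do
        case "$allowed" in
            *" $user "*) echo "allowed $user"; continue ;;
        esac
        # -x whole-line match, -F literal string, -q quiet
        if [ -f "$pending_file" ] && grep -qxF -- "$user" "$pending_file"; then
            echo "temporary $user"      # removal is still scheduled
        else
            echo "unexpected $user"     # admin with no scheduled removal
        fi
    done
}

# unexpected_admins: same arguments; prints only the accounts needing follow-up.
unexpected_admins() {
    classify_admins "$@" | awk '$1 == "unexpected" { print $2 }'
}

# Constructed sample data so the example runs offline.
sample_membership="GroupMembership: root itadmin alice bob"
sample_pending=$(mktemp)
trap 'rm -f "$sample_pending"' EXIT
printf '%s\n' "alice" > "$sample_pending"

classify_admins "$sample_membership" "root itadmin" "$sample_pending"
```

On a managed Mac, pass `"$(dscl . -read /Groups/admin GroupMembership)"` and `/private/var/userToRemove/user` in place of the sample values.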