Hey, we need to install Auto Cad on one of our employees’ devices. have instructed the employee to install the app himself. However, admin privileges are required for him to install the app. Can anything be done here to grant the privilege to standard users and remove it after some time?
Hi @itzel,
Thanks for reaching out to us.
Yes, you can give admin privileges to a standard user by executing a custom script from the Hexnode portal. Here’s a script that will grant the standard user admin privileges for 30 minutes. Please make sure that the user’s device has an active internet connection.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
#!/bin/bash osascript -e 'display dialog "You have now been granted administrator rights for 30 minutes. Please do not misuse this privilege." buttons {"Make me an admin"} default button 1' #Create the plist sudo defaults write /Library/LaunchDaemons/removeAdmin.plist Label -string "removeAdmin" #Add program argument to have it run the update script sudo defaults write /Library/LaunchDaemons/removeAdmin.plist ProgramArguments -array -string /bin/sh -string "/Library/Application Support/HexnodeMDM/removeAdminRights.sh" #Set the run inverval to run every 7 days sudo defaults write /Library/LaunchDaemons/removeAdmin.plist StartInterval -integer 1800 #Set run at load sudo defaults write /Library/LaunchDaemons/removeAdmin.plist RunAtLoad -boolean yes #Set ownership sudo chown root:wheel /Library/LaunchDaemons/removeAdmin.plist sudo chmod 644 /Library/LaunchDaemons/removeAdmin.plist #Load the daemon launchctl load /Library/LaunchDaemons/removeAdmin.plist sleep 10 if [ ! -d /private/var/userToRemove ]; then mkdir /private/var/userToRemove echo $currentUser >> /private/var/userToRemove/user else echo $currentUser >> /private/var/userToRemove/user fi /usr/sbin/dseditgroup -o edit -a $currentUser -t user admin cat << 'EOF' > /Library/Application\ Support/HexnodeMDM/removeAdminRights.sh if [[ -f /private/var/userToRemove/user ]]; then userToRemove=$(cat /private/var/userToRemove/user) echo "Removing admin privileges of $userToRemove" /usr/sbin/dseditgroup -o edit -d $userToRemove -t user admin rm -f /private/var/userToRemove/user launchctl unload /Library/LaunchDaemons/removeAdmin.plist rm /Library/LaunchDaemons/removeAdmin.plist log collect --last 30m --output /private/var/userToRemove/$userToRemove.logarchive fi EOF exit 0 |
Replace ‘$currentUser’ and ‘$userToRemove’ with the employee’s user name.
After executing the script, a prompt “You have now been granted administrator rights for 30 minutes. Please do not misuse this privilege.” will display on the end user’s device. Click on Make me an admin to get the job done.
The user can now install AutoCAD by himself.
Disclaimer:
Please note that the script is obtained from third-party open-source sites. Hence, it is recommended to validate the script execution on a system manually. And, Hexnode will not be responsible for any damage/loss to the system due to the script’s behavior.
Hope this helps. Do reach out if you have any further queries.
Cheers
Evin Lee
Hexnode UEM
23 March 2022