Temporary Admin rights for Standard user on macOS VenturaSolved

Participant
Discussion
9 months ago

I am searching for a script “Make a standard user an admin” that is compatible with the macOS Ventura version. The script that I have is not working and doesn’t show any errors. I also know about the Privileges, but I am especially looking for a script that changes the account status to admin, also want to control the time duration, the account should have admin access only for 45 minutes. Also, I want to execute that script from the UEM portal.

Is there any script available that works with macOS Ventura?

Replies (5)

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

@Eugene. Did you try the existing script with a different standard user account?

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

@Deborah, Yes, I have tested it multiple times with different standard user accounts.

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

You can try privileges. It works well.

https://github.com/SAP/macOS-enterprise-privileges

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

@Gael.
The Privileges app is good, but I need more control over the temporary admin rights duration. I need a script that works for only 45 minutes duration. After the duration ends, admin rights should revert to a standard user account. Also, I want to execute the script from the portal.

Marked SolutionPending Review
Hexnode Expert
9 months ago
Marked SolutionPending Review

Hello everyone. Thanks for sharing valuable insights in our Hexnode Connect.

Yes, @Eugene. You can grant temporary administrative privileges for standard user accounts on macOS Ventura via scripts. You can execute the following script to grant administrative privileges to a standard user account for 45 minutes using Hexnode’s Execute Custom Script feature:

//bin/bash

macname=$(networksetup -getcomputername)

date=$(date +”%d-%m-%y”)

time=$(date +”%r”)

console=$(stat -f “%Su” /dev/console)

echo $console

if groups $console | grep -q -w admin;

then

echo “Is Already admin”;

exit 0 else

echo “Not admin”;

fi

osascript -e ‘display dialog “You now have Administrative Rights. Please do not misuse this privilege” buttons {“OK”} default button 1’

dscl . -append /groups/admin GroupMembership $console

sleep 2700 #sleep set for 45 minutes

sudo dseditgroup -o edit -d $console -t user admin

exit 0

This script only works with the currently logged-in user account. Ensure that the user to be granted administrative privileges is logged-in on the device.

After executing the script, the user will be prompted You now have administrator rights. Please do not misuse this privilege.” The user must click on the ‘OK’ button to obtain admin privileges for 45 minutes.

Once the specified duration ends, the administrative privileges are revoked.

If you encounter any issues or queries, please feel free to contact us at any time.

Regards,

Goerge

Hexnode UEM