Demotes Admin User

Question

Demotes Admin User

Closed this issue 3 years ago · 5 comments

The script/helper is great. However there needs to be a way to EXCLUDE a local admin account. We're finding that our admin accounts are being demoted to standard users silently. This is a problem. Can an exclusion be made for said user?

Answer 1 · 2022-04-27T13:45:22.000Z

Hi @kristophersteel Thanks for the feedback! I can take a look at adding that functionality when time allows.

We do not have a separate admin account in the environment that this tool was written for, so what you described has not been an issue. I think the general consensus in the macadmin community is to get rid of that extra admin account. I understand that is not always possible, but it is worth considering.

That said, if your admin account is demoted by this tool you can always elevate that account back to admin with the Privileges application or PrivilegesCLI.

Answer 2 · 2022-04-27T14:26:40.000Z

Sam- Thanks! I’ve tried elevating it back but it requires an admin to elevate it. I may try the cli tool and see if that works.

…

On Apr 27, 2022, at 9:45 AM, Sam Mills ***@***.***> wrote: Hi @kristophersteel Thanks for the feedback! I can take a look at adding that functionality when time allows. We do not have a separate admin account in the environment that this tool was written for, so what you described has not been an issue. I think the general consensus in the macadmin community is to get rid of that extra admin account. I understand that is not always possible, but it is worth considering. That said, if your admin account is demoted by this tool you can always elevate that account back to admin with the Privileges application or PrivilegesCLI. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.

Answer 3 · 2022-04-27T14:51:20.000Z

How are you deploying Privileges? If done a certain way it should not require admin rights to elevate. I use the AutoPkg recipe to ensure the package is formed correctly. See here for details: https://derflounder.wordpress.com/2022/04/20/building-a-privileges-installer-package-using-autopkg/

Answer 4 · 2022-04-27T15:10:32.000Z

Wow! I just tested this and it worked as it should!!! Not sure what happened to cause that from the start. Amazing! Thank you so much. That solves the script issue because it doesn’t matter now.

…

On Apr 27, 2022, at 10:51 AM, Sam Mills ***@***.***> wrote: How are you deploying Privileges? If done a certain way it should not require admin rights to elevate. I use the AutoPkg recipe to ensure the package is formed correctly. See here for details: https://derflounder.wordpress.com/2022/04/20/building-a-privileges-installer-package-using-autopkg/ — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.

Answer 5 · 2022-04-27T15:13:26.000Z

Glad to hear! I'll go ahead and close this issue.