Add a feature to remove admin rights on logout / reboot

Question

Add a feature to remove admin rights on logout / reboot

memile123 opened this issue 2 years ago · 3 comments

Hi - Thank you for all the work on this tool, its been very helpful in my org. I have noticed admin permissions are still kept after reboot, logout and sleep. Any thoughts around adding something to remove or address?

Answer 1 · 2022-11-03T13:55:02.000Z

Thanks for the suggestion! I'm interested in the possibility, but I'm not sure it could be done with how things are set up currently. I'll have to give it some thought.

Feel free to suggest how you might do it and/or submit a PR if you have ideas!

Answer 2 · 2022-11-29T15:25:34.000Z

You could use PriviligesCLI and trigger it at logout via Jamf. Or you could use a logout hook and a script, but im not sure if this works in the current macOS version.

Answer 3 · 2023-04-25T19:29:37.000Z

PrivilegesDemoter version 3 is now in pre-release and there are some options in the wiki for making demote on login work.