[Privileges 2] - Unable to toggle Privileges when Config Profile been deployed - Githubissues

SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.

Apache License 2.0

1.4k stars 149 forks source link

[Privileges 2] - Unable to toggle Privileges when Config Profile been deployed #113

Closed msanftenberg closed 1 month ago

msanftenberg commented 1 month ago

When we install the sample configuration profile from within the resources folder and modify this to our needs the expected changes are not happening. When the profile is been deployed the "Request Privileges" is been grayed out. As soon as the profile is going to be removed "Request Privileges" is available and Privileges can be switched.

aduffner commented 1 month ago

Hi @msanftenberg, can you please post your changes to the mobileconfig as code?

msanftenberg commented 1 month ago

Seems that the Code section seems not to work write. Attached is all as TXT. Privileges_2-0_Testing.txt

aduffner commented 1 month ago

@msanftenberg You have configured the ReasonRequired and ReasonMinLength keys so that the user is forced to enter a reason with a minimum of 20 characters and a maximum of 50 characters according to ReasonMaxLength. After entering the reason, the button remains grayed out?

Tip for next time: Code which is multiline needs to be encapsulated by ``` before and after ``` the code.

msanftenberg commented 1 month ago

Thanks for the Tip. I'm not even getting the question to request the admin rights. @

2024-10-16 at 10 09 44

aduffner commented 1 month ago

@msanftenberg Ah got it, you have set EnforcePrivileges to user. Just remove this key from your config.

msanftenberg commented 1 month ago

Thanks. Even after removal sadly not working. Same as before that I'll can't right click and "Request Privileges"

aduffner commented 1 month ago

@msanftenberg Why do you want to right-click? Just left-click as usual and authenticate by fingerprint sensor or password as intended. Have you read the comments in the example profile?

msanftenberg commented 1 month ago

I did tried. If I left click it, I can shortly see that it seems a window opens but nothing then happens.

aduffner commented 1 month ago

@msanftenberg I should have asked first:

Which macOS version and which version of Privileges are you using?
How you deploy the config profile?
How the profile looks under settings on the specific machine?

mthielemann commented 1 month ago

@msanftenberg

key: ReasonRequired
value: a boolean

When set to true, the user must provide a reason for requesting administrator privileges.
The reason is logged. Note that once this option is enabled, privileges cannot be changed
from the Privileges Dock tile menu.

So it is expected behavior that the Dock item's "Request Privileges" entry is grayed-out as soon as you require the user to enter a reason. Hope this helps.