SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.
Apache License 2.0
1.4k stars 150 forks source link

How to install "Helper Tools" via script #19

Closed samerfarida closed 3 years ago

samerfarida commented 3 years ago

Hello,

We are going to install Privileges.app remotely and we would like to also execute the --remove after that but looks like there are additional installs needed like the helper tools /Library/PrivilegedHelperTools/corp.sap.privileges.helper and /Library/LaunchDaemons/corp.sap.privileges.helper.plist its seems like these are only triggered or prompted when using or launch privileges.app and getting an error when using PrivilegesCLI --remove.

Test01@TestMac ~ % su -l "$currentUser" -c "/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --status"
User Test01 has admin rights

Test01@TestMac ~ % su -l "$currentUser" -c "/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove"
Helper connection invalidated!
Failed to execute XPC method!: NSCocoaErrorDomain (4099)
Failed to execute XPC method!

With that said, is there a workaround via script to install Helper Tools to initial execution of the PrivilegesCLI --remove for the end users instead of waiting for the end users to initial that.

Thank you

Sammy

rtrouton commented 3 years ago

Here's how to build an installer package for Privileges:

https://derflounder.wordpress.com/2019/03/20/building-an-installer-package-for-privileges-app/

There are also AutoPkg recipes available, if you use AutoPkg's search function: autopkg search com.github.rtrouton.Privileges

Packages built using either the manual or AutoPkg-driven methods linked above will install the helper tools along with Privileges.

The error you're seeing is expected behavior. Privileges is hardened against having outside processes connect to the helper tools. For more details, please see the release notes for Privileges 1.5.1: https://github.com/SAP/macOS-enterprise-privileges/tree/1.5.1