search

SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.
Apache License 2.0
1.4k stars 149 forks source link

DockToggleTimeout not working on Privs 1.5.3 with LimitToUser enabled #46

Closed dammitbenny closed 9 months ago

dammitbenny commented 2 years ago

We are running Privileges 1.5.3 and when we enable LimitToUser with $USERNAME value in the Jamf config profile, the "Toggle privileges" option in the Dock icon is greyed out. I have this configured on multiple Macs running Monterey 12.4.

I attempted configuration with an uploaded mobileconfig profile with only the DockToggleTimeout and LimitToUser keys enabled as well as an uploaded JSON schema manifest file. When I view the plist in the Jamf config profile is has a structure that matches the example configuration profiles. I validated the LimitToUser functionality is working as expected, eg not allowing users aside from primary to elevate to admin. We are using local accounts.

When I remove the LimitToUser config, the DockToggleTimeout works and the "Toggle privileges" option is available in the Dock icon.

Has anyone else encounter this issue? Any thoughts on how to get these two features to work simultaneously?

salihzett commented 2 years ago

same here. Set it to 5 mins. via MDM and Profile also via App Settings. Same behavior, nothing is happening.

colorenz commented 2 years ago

Hi, it also does not work with LimitToGroup :(.

Bests Regards

SIXfoot5ins commented 1 year ago

same here. Set it to 5 mins. via MDM and Profile also via App Settings. Same behavior, nothing is happening.

I see the same behaviour too

tauruskarthick commented 1 year ago

I'm using Ventura with Privileges 1.5.3(1330). I'm just testing with the app. Even I too experience that I set the 'Dock tile timeout' for 5 mins and made the standard users as a administrator. waited for 5 mins and 20 mins, it did not change. I've to manually change it. It's not working i guess. Not sure how to recommend this tool.

rtrouton commented 1 year ago

Time-limited admin is only available using the Toggle privileges function. This is covered in the Privileges FAQ: https://github.com/SAP/macOS-enterprise-privileges/wiki/Frequently-Asked-Questions

Question: By default, is there a time limit on the admin rights granted by Privileges?

Answer: No. Admin rights are granted until some process (like running Privileges again) takes them away.

Question: Can I set Privileges to give me administrator rights for a defined amount of time?

Answer: Yes. You can use the Toggle Privileges option on the dock icon to get admin rights for a set amount of time (the default amount is 20 minutes.)
tauruskarthick commented 1 year ago

rtrouton

Thanks for your reply.. Actually, it worked as they mention it in the FAQ.