SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.
Apache License 2.0

"killall Dock" clears the timer allowing for infinite admin #73

Closed timjd4 closed 9 months ago

timjd4 commented 1 year ago

Currently have Privileges configured to use the dock toggle function with a 20 min limit set via profile. The app itself can't be launched because it's blocked by Jamf restricted software.

Everything works as expected unless the Dock process is killed via terminal or anything that relaunches the Dock. The badge timer goes away and the user is admin unless they toggle it off themselves.

phonegi commented 1 year ago

I am experiencing the same behavior when using the "Admin Rights Timeout" setting in an MDM payload. If a user toggles to admin mode, the countdown begins as expected. However, if the user reboots while in Admin mode, after logging back in Privileges initiates in Admin mode and remains in Admin mode indefinitely until the user manually toggles back to standard mode.

The expected behavior is that Privileges would switch to standard mode upon screen lock, logout, or reboot.

I've created a workaround in the form of a LaunchAgent that runs PrivilegesCLI --remove. This will work for logout and reboot, but not screen lock.

corp.sap.privileges.standard.plist.txt

timjd4 commented 1 year ago

I have a similar thing in place where Jamf demotes via PrivilegesCLI at login, but we have a few apps in Self Service that add items to the dock, and when the dock restarts the icon remains orange with admin privs but no timer.

timjd4 commented 9 months ago

Does that mean the issue has been fixed or can't be fixed? Looks like the same behaviour for v1.5.4

mthielemann commented 9 months ago

This behavior will change in a future version of Privileges.
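
A timeout backstop that does not depend on the Dock tile's timer, covering both the Dock restart and the reboot cases reported above. This is an added example, not code from the thread or from the Privileges project. It assumes the script is run periodically in the user's session (for example from a LaunchAgent); the `PRIVILEGES_CLI` path is a placeholder, and the state file location and function names are hypothetical.

```shell
#!/bin/sh
# Added example: enforce the admin time limit from a persistent timestamp,
# so losing the Dock badge timer (Dock restart, reboot) does not extend admin.

PRIVILEGES_CLI="${PRIVILEGES_CLI:-/path/to/PrivilegesCLI}"  # placeholder path
LIMIT_SECONDS="${LIMIT_SECONDS:-1200}"                      # 20 min, as in the thread
# Assumed location; it is user-writable, so this is a backstop for lost
# timers, not a tamper-proof control.
STATE_FILE="${STATE_FILE:-${HOME:-/tmp}/.privileges-watchdog.since}"

# True if the user is currently in the local admin group (macOS dseditgroup).
is_admin() {
    dseditgroup -o checkmember -m "$1" admin >/dev/null 2>&1
}

# Return the current user to standard rights, as in the LaunchAgent workaround.
demote() {
    "$PRIVILEGES_CLI" --remove
}

# enforce_timeout USER NOW_EPOCH
# Prints: standard | within-limit | demoted | demote-failed
enforce_timeout() {
    user=$1
    now=$2
    if ! is_admin "$user"; then
        rm -f "$STATE_FILE"            # not admin: forget any old start time
        echo standard
        return 0
    fi
    # First time admin rights are observed: record when the window started.
    # The file survives Dock restarts and reboots, so the clock keeps running.
    [ -s "$STATE_FILE" ] || echo "$now" > "$STATE_FILE"
    since=$(cat "$STATE_FILE")
    if [ $((now - since)) -lt "$LIMIT_SECONDS" ]; then
        echo within-limit
    elif demote; then
        rm -f "$STATE_FILE"
        echo demoted
    else
        echo demote-failed
        return 1
    fi
}

# Only act when invoked with --run, e.g. from a periodic LaunchAgent.
if [ "${1:-}" = "--run" ]; then
    enforce_timeout "$(id -un)" "$(date +%s)"
fi
```

The granularity of the limit is the interval at which the script is scheduled, so a short interval keeps the overrun small.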