Hi All!
I received a lot of inquiries after presenting at the MacAdmins @ PSU conference today about my admin escalation script. Here’s the code below:
```bash
#!/bin/bash
# Get username of current logged in user
# This method breaks if you allow multiple accounts logged in.
USERNAME=$(ls -l /dev/console | awk '{print $3}')

# Check whether the user is already a member of the admin group
membership=$(dsmemberutil checkmembership -U "$USERNAME" -G admin)

if [ "$membership" == "user is not a member of the group" ]; then
    # Make sure the at daemon is loaded so the scheduled demotion actually runs
    if ! launchctl list | grep -q com.apple.atrun; then
        launchctl load -w /System/Library/LaunchDaemons/com.apple.atrun.plist
    fi
    # Add the user to the admin group
    /usr/sbin/dseditgroup -o edit -a "$USERNAME" -t user admin
    # Schedule removal from the admin group two minutes from now
    echo "/usr/sbin/dseditgroup -o edit -d $USERNAME -t user admin" | at now +2 minutes &>/dev/null
    # Tell the user they have been promoted
    /Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Self Service" -heading "You're now an admin. Go, go, go!" -button1 "Ok"
fi
```
It does rely on Jamf Helper, but you can swap that line with CocoaDialog or AppleScript.
I’ll write a more formal post about my talk in the coming weeks. Thanks everyone for coming!