Give Standard Users Temporary Admin Rights

jared_f
Kind of a big deal

Give Standard Users Temporary Admin Rights

I saw this on twitter and thought it was interesting. The app "Privileges" was developed by Rich Trouton and his team at SAP. Once installed, the app allows users to click it and upgrade there account to an admin account and then it demotes after 20 minutes. 

 

Here is the Github link:

https://github.com/SAP/mac-enterprise-privileges

 

Would anybody here deploy this?

Find this helpful? Click the kudos button. Thanks!
8 REPLIES 8
PhilipDAth
Kind of a big deal
Kind of a big deal

What's wrong with sudo?

jared_f
Kind of a big deal

@PhilipDAth Nothing is wrong with Sudo. I execute everything I do remotely that doesn't need to be done on the user level with Sudo. This is more of an end user app. For example, a user needs to install software and doesn't have to put in a request to do it. It gives the security of only having standard users, but having them be able to lift it when they need it.

Find this helpful? Click the kudos button. Thanks!

This is something I am interested in trialling with Staff at my workplace. I will be bringing this up in our next team meeting i think and will get some of my guys to test it out.

 

Thanks @jared_f

What are some use cases where you need people to have temporary admin access?

 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

@Adam staff might want to install software (we are happy for them to do this) but would prefer they don't adjust system settings. 

 

We currently have our users as standard accoutns but they have a seperate admin account on their machine which they can use.  The thing i like about this app is the 20 min timeout. 

@BlakeRichardson but conceptually during that 20 minutes they can still adjust system settings and whatever else they want right?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

@Adam Yes thats correct. The benefit that I see for this is less work in reagrd to setting up for my department. 

 

This is one of the pitfalls of they way Apple deals with security poilicies. Its all of nothing when it comes to being an admin whereas Windows is a bit more flexible. 

jared_f
Kind of a big deal

Using configuration profiles to block out certain system preferences (i.e. profiles) and restricting certain software (Disk Utility, Terminal, Etc.) is good for keeping most things that aren't allowed to be touched protected. In addition, having policies and email alerts in Meraki are helpful. It seems that Meraki is no longer looking to add features to the MacOS side, but a kill function for the running programs would be helpful. I have been personally trying this app, and I think it is nice to have standard users be able to elevate their privileges to delete apps, run installers, etc.

 

 

Find this helpful? Click the kudos button. Thanks!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels