Endpoint Services, Munki, Deploying Privileges.app for Remote Support
This article describes how to use the SAP Privileges application in order to temporarily grant standard users administrative access on their Macs.
Munki Mac Endpoint Management
University of Illinois IT Pros leveraging Munki Mac Endpoint Management
The free Privileges application by SAP can help in support situations when remote workers do not have administrator rights on their macOS device. The application uses a privileged helper tool to grant standard users administrator rights upon request, and will also revoke it upon request.
Please note: Privileges is supported on macOS 10.15 and below; it will install on, but not work with, macOS 11 (Big Sur).
In a macOS support scenario where the remote user is temporarily in need of administrator rights, the IT Pro can take the following steps:
- Add Privileges to the managed installs sections of the device's serial number Munki manifest.
- Instruct the end user to run Managed Software Center and install Privileges.
- Instruct the end user to launch /Applications/Privileges (or perform a Spotlight search), and when prompted, complete the request for administrator rights.
- The end user is now an administrator on their Mac.
- You can confirm this by opening System Preferences - Users & Groups, selecting their account, and noting that the box to "Allow user to administer this computer" is now checked.
After the remote support task has been completed and the need for administrator access has passed, the IT Pro should do the following:
- Instruct the end user to click on the Privileges icon in the Dock, and when prompted, complete the request to remove administrator rights.
- You can confirm this by opening System Preferences - Users & Groups, selecting their account, and confirming that the box to "Allow user to administer this computer" is now unchecked. (If System Preferences was already open, you may need to quit and reopen to refresh the displayed setting.)
- If you skip this step, the end user will be left with administrator rights, which may be a violation of your departmental security policy.
- Move Privileges to the managed uninstalls section of the Munki manifest.
- Instruct the end user to run Managed Software Center and uninstall Privileges.
- If you are unable to confirm the uninstallation via a screen-sharing session, view the device record in MunkiReport and check the Managed Installs status of Privileges.app.
Visit GitHub for more information about the Privileges app.