It's probably not the best way to do this, I'm almost positive there are better ways of getting a usable list of user profiles on the machine, but it should be pretty reliable. Then just run your script.Īlternatively, if it's easier or there are other considerations such as multiple people using the same machine, you could add the "approved" users to a list of users that you check for in step 3 of your script. Then, use your MDM (it sounds like you can run scripts through there right?) and target all machines EXCEPT for the ones you need to remain local admin. on each of the other ones, run the command to remove them from the admin group.iterate through that list, and exclude your local account (just use an if statement to skip over it if username="localadmin" or whatever).get a list of user profiles cached to the machine by using "ls" on the /Users folder and some way to get a bunch of strings containing only the usernames.Ensure your local admin account is an administrator (run the command to add a user to those groups, subbing in your username).But basically here's the general idea of what I'd do in my script: I am tired, so I'm not gonna come up with an actual script here. And yes, this does seem to work on both local and domain accounts accurately. I don't think I've had a case where the name of the user profile folder is NOT the same as the actual username on the machine.
#Uninstall office 2011 for mac jamf install
I was informed by the store that sold me my Mac that I could install office 64 bit and remove office 32 bit, but when I logged on to Microsoft I cannot find an.
#Uninstall office 2011 for mac jamf 32 bit
My Mac is updating to 64 bit and will no longer support the 32 bit version that I have installed. With that, you can use the folder names in /Users to get a rough idea of usernames that are on the machine. I have Office for Mac Home and Student 2011 - 1 Pack Product Key (FPP). If it doesn't give you any output, it worked successfully. I temporarily elevate the user so they can set the permission using those two commands. I can confirm 100% that this has the desired effect, I manually run these commands all the time since my remote control permissions keep breaking. Sudo dseditgroup -o edit -a -t user adminsudo dseditgroup -o edit -a -t user wheelĪgain, the '-a' is for 'adding' them to that group. If you do want to add someone as an administrator, you do this: The '-d' is what does the removal, or deletion, from those groups.
Sudo dseditgroup -o edit -d -t user adminsudo dseditgroup -o edit -d -t user wheel I don't know if the second command in here is required or not, but I've been using this and the reverse command (make an account a local admin) to allow users to temporarily have admin rights for setting the screen sharing permission: EDIT: Someone below reminded me of FileVault, don't do this if you have Filevault and aren't positive that it will work with that
0 kommentar(er)
