Unlock Specific Preference for non-admin account

k3vmo
Contributor II

I'd like to unlock Network Preferences for non-admin accounts under Sierra and High Sierra.
I've worked enough with security authorization db that I can unlock panes like Printing - however, I haven't yet found a solution for Network - despite Google.

How can I unlock Network Preferences for my non-admin accounts

10 REPLIES 10

EduMac89
New Contributor II

I normally send these commands out via ARD / Jamf:

security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allow

I can confirm it worked on Sierra - haven't tested on High Sierra yet so there may be some discrepancies.

jimmy-swings
Contributor II

Anyone worked out how to unlock Security & Privacy?

k3vmo
Contributor II

It works beautifully under 10.13.3 and on Sierra.

easyedc
Valued Contributor II

I used this a long time ago but I think it's still relevant go here and go here with the help of @rtrouton and @bentoms (who did the donkey work back in the day).

Doing some Googlin' I come across what appears to be a pretty solid (and up to date) list of what/where you can grant rights check me out.

@jaz TL;DR - try system.preferences.security

jimmy-swings
Contributor II
root# security authorizationdb write system.preferences.security allow 
YES (0)

is actually no...

cwaldrip
Valued Contributor

So, I'm running 10.12 and trying to unlock the Network preference pane using the following commands with Outset from the boot-once (would be running with root access, right?) folder...

#!/bin/bash
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.security allow
security authorizationdb write system.services.systemconfiguration.network allow

But the Network prefpane is still locked. If I run the commands manually (with sudo as a sudo eligible user) the prefpane is still locked even though I got YES (0) as a response. I log out and back in (assuming it needs that), and it's still locked. Restart, and it's still locked.

If I run security authorizationdb read... each preference shows "allow".

Anyone have any idea what I'm missing?

al_erickson
New Contributor

@cwaldrip I notice that you're writing to Security preferences, but expecting it to take effect in Network preferences. The following should work - it does in my environment.

#!/bin/sh
security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allow

cwaldrip
Valued Contributor

@al.erickson That was exactly my problem. Thanks. I must have copy/pasted the wrong thing at some point and not noticed. :facepalm:

G_M_
New Contributor III

@EduMac89 Just a question:
what's the need of this?

security authorizationdb write system.preferences allow

Aren't enough those 2 below..?

security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allow

TimArnold
New Contributor II

@G.M. security authorizationdb write system.preferences allow is required as a prerequisite of the other commands.

One way to think of it is a hierarchy, where system.preferences is the top level and the others are sub-level. You need to allow access to the top-level so that the other commands can be applied properly.