- Jamf Nation Community
- Products
- Jamf Pro
- Unlock System Preferences in 10.9?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2013 06:41 AM
I came across a problem we have with Mavericks in reguards to the unlock of system preferences.
As our users are non admin users on there machines they can acess some system resources like Network settings without them.
After testing Mavericks we came across that this is not working any longer in the know way via the authorization file.
According to AFTP548.com it's using a DB now for this purpose.
But even with this solution provided here: http://www.afp548.com/2013/10/22/modifying-the-os-x-mavericks-authorization-database/ it's not working.
The error we get is: NO [-60005]
The clients has been upgraded from 10.8 to 10.9.
Any ideas about this?
Thanks for your help
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2013 07:20 AM
I think you need to have
security authorizationdb write system.preferences allowbefore trying to unlock single PrefPanes.
After that you can do for example
security authorizationdb write system.preferences.datetime allowto unlock Date&Time Prefs.
To unlock Network Prefs, you need
security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allow
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2013 07:19 AM
Are you calling `security authorizationdb` as root or via sudo? Hard to diagnose when you don't show your work!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2013 07:20 AM
I think you need to have
security authorizationdb write system.preferences allowbefore trying to unlock single PrefPanes.
After that you can do for example
security authorizationdb write system.preferences.datetime allowto unlock Date&Time Prefs.
To unlock Network Prefs, you need
security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allowOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2013 07:28 AM
Thanks Chris.
After a reboot this works like charme.
Is there a source where I can find all system.preferences files that might be able to be unlocked?
Cheers,
Maik
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2013 07:45 AM
Here's a list for Mountain Lion
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-13-2013 08:00 AM
Thanks Chris.
Hope that some of them are still working in 10.9
Cheers,
Maik
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-17-2014 05:28 PM
Sorry to necro post, but Is there a way to enable only a certain piece of the networking Preference Pane? Specifically, the proxies section. My users are also not Admins but require to make changes to the proxy settings for testing. Is there any way to do this easily? A script was written to allow this via the command line, but unfortunately it only allows entry of 1 proxy at a time. A GUI solution would work the best. Any ideas?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-17-2014 06:06 PM
pretty sure you cant have that level of granularity. i would suggest creating an application/script available via self service that prompts the user for the proxy servers and then writes that out using networksetup. using self service should allow the script/application to run with elevated privileges for non-admins
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-18-2014 11:39 PM
jrserapio said:
" Is there a way to enable only a certain piece of the networking Preference Pane? Specifically, the proxies section"
I've used Locations for that purpose in the past. The only difference between each Location is the proxy entry. Quick & easy to flip between proxies and can also be scripted with networksetup.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-03-2014 05:51 AM
Hi Chris can you please help me in unlocking the sharing panel in system preference "security authorizationdb write system.preferences.sharing allow" didn't work.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-03-2014 09:20 AM
Thanks for the replies. Calum - That is a good idea. I will see if i can get something like that going. Basically the userbase is Developers who dont have admin rights. gchallis - Thanks for the response, but i would need to have an overwhelming amount of different locations to meet their needs going that route. The users change their proxies constantly for testing, which makes it a bit more difficult.
