{"id":49583780,"url":"https://github.com/reponomadx/macos-elevated-admin-ws1","last_synced_at":"2026-05-03T21:37:08.030Z","repository":{"id":302379196,"uuid":"1012250085","full_name":"reponomadx/macos-elevated-admin-ws1","owner":"reponomadx","description":"Grant temporary admin rights to macOS users using Workspace ONE UEM by deploying a dummy package with no scripting required.","archived":false,"fork":false,"pushed_at":"2025-07-02T06:05:07.000Z","size":1579,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-03T21:36:57.532Z","etag":null,"topics":["admin-rights","automation","deployment","euc","macos","mdm","pkg","uem","workspace-one","workspace-one-uem"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reponomadx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-02T03:56:18.000Z","updated_at":"2025-07-02T06:05:10.000Z","dependencies_parsed_at":"2025-07-02T04:46:56.715Z","dependency_job_id":null,"html_url":"https://github.com/reponomadx/macos-elevated-admin-ws1","commit_stats":null,"previous_names":["reponomadx/macos-elevated-admin-ws1"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/reponomadx/macos-elevated-admin-ws1","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reponomadx%2Fmacos-elevated-admin-ws1","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reponomadx%2Fmacos-elevated-admin-ws1/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reponomadx%2Fmacos-elevated-admin-ws1/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reponomadx%2Fmacos-elevated-admin-ws1/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reponomadx","download_url":"https://codeload.github.com/reponomadx/macos-elevated-admin-ws1/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reponomadx%2Fmacos-elevated-admin-ws1/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32586187,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["admin-rights","automation","deployment","euc","macos","mdm","pkg","uem","workspace-one","workspace-one-uem"],"created_at":"2026-05-03T21:37:07.390Z","updated_at":"2026-05-03T21:37:08.023Z","avatar_url":"https://github.com/reponomadx.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg src=\"reponomadx-logo.jpg\" alt=\"reponomadx logo\" width=\"250\"/\u003e\u003c/img\u003e\n# macOS Elevated Admin Rights with Workspace ONE\n\n[![Platform](https://img.shields.io/badge/Platform-macOS-lightgrey)](https://www.apple.com/macos/)\n[![Workspace ONE](https://img.shields.io/badge/Workspace%20ONE-UEM-blue)](https://www.vmware.com/products/workspace-one.html)\n[![License](https://img.shields.io/badge/License-MIT-green)](LICENSE)\n[![Status](https://img.shields.io/badge/Status-Active-success)]()\n\n\u003e Grant temporary admin rights to macOS users using Workspace ONE UEM and a dummy app deployment — no scripting required.\n\n---\n\n## 📖 Summary\n\nThis workflow enables macOS users to be granted **temporary administrator access** using Workspace ONE UEM. It uses a dummy `.pkg` file that installs no actual software but contains a postinstall script that adds the current console user to the `admin` group.\n\nThe process is managed entirely through the Workspace ONE console — no external scripts, APIs, or custom workflows are required.\n\n---\n\n## 🧰 Requirements\n\n- Workspace ONE UEM Console access  \n- macOS devices enrolled via DEP or MDM  \n- Download the [Packages App](http://s.sudre.free.fr/files/Packages_1211_dev.dmg) by WhiteBox\n  (This is the latest developer build with bug fixes; mount and install the `.dmg` after download)\n- Workspace ONE Admin access to create Smart Groups and Internal Apps  \n\n---\n\n## 📦 Step 1: Create a Dummy Package\n\nWe are going to use a dummy package to deliver post-install and post-uninstall scripts.  \nUse the [Packages App](http://s.sudre.free.fr/files/Packages_1211_dev.dmg) to create this.\n\n1. Open Packages App. Pick **Raw Package** and click **Next**\n2. Give it a name. (Example: `macOS Admin Elevation`)\n3. Go to the **Build** menu, and click **Build**\n4. Your package will be in the **project directory under `/build`**\n5. Use the [Workspace ONE Admin Assistant Tool](https://docs.omnissa.com/bundle/Admin-AssistantVSaaS/page/Download.html) to create the Plist for uploading to the UEM console.\n\n\u003cimg src=\"Packages App 1.avif\" alt=\"Packages App Template\"/\u003e\u003c/img\u003e\n\n\u003cimg src=\"Packages App 2.avif\" alt=\"Packages App Name\"/\u003e\u003c/img\u003e\n\n\u003cimg src=\"Packages App 3.avif\" alt=\"Packages App Build\"/\u003e\u003c/img\u003e\n\n\u003cimg src=\"Packages App 4.avif\" alt=\"Packages App Location\"/\u003e\u003c/img\u003e\n\n\n---\n\n## 👥 Step 2: Create a Smart Group\n\nCreate a Smart Group that will control which devices receive the elevated rights package.\n\nSteps:\n\n1. In the Workspace ONE Console, go to:  \n   **Groups \u0026 Settings \u003e Groups \u003e Assignment Groups**\n2. Click **Add Smart Group**\n3. Name the group (e.g., `macOS Admin Elevation`)\n4. Configure assignment logic:\n   - Manually assign devices  \n   - Or use a Tag (e.g., `MacOS Admin Elevation`) for dynamic membership\n\n\u003cimg src=\"Smart Group.jpg\" alt=\"Smart Group\"/\u003e\u003c/img\u003e\n\n\u003e ✅ Any device added to this Smart Group will receive the app and be granted admin rights.\n\n---\n\n## 🚀 Step 3: Upload and Assign the App\n\nUpload the `.pkg` to Workspace ONE as an Internal App.\n\nSteps:\n\n1. In the Workspace ONE Console, go to:  \n   **Apps \u003e Native \u003e Internal \u003e Add Application**\n2. Upload the file: `macOS Admin Elevation.pkg`\n3. Upload the Plist created by the Workspace ONE Admin Assistant tool\n4. Set the **Post-Install Script** and **Post-Uninstall Script** as shown below\n5. (Optional) Give it an icon\n6. Click **Save \u0026 Assign**\n7. Click **Add Assignment**\n8. Assign to the Smart Group from Step 2.  \n   You can use **Auto** or **On-Demand** assignment\n9. Click **Add**, then **Save \u0026 Publish**\n\n### 📝 Post-Install Script:\n```bash\n#!/bin/bash\n\nloggedInUser=`/usr/bin/stat -f%Su /dev/console`\n\nif [ \"$CurrentUser\" == \"root\" ] || [ \"$CurrentUser\" == \"_mbsetupuser\" ]; then\n  exit 0\nfi\n\n#adds user to admin group (post-install)\ndseditgroup -o edit -a \"$loggedInUser\" -t user admin\n```\n\n### 📝 Post-Uninstall Script:\n```bash\n#!/bin/bash\n\nloggedInUser=`/usr/bin/stat -f%Su /dev/console`\n\nif [ \"$CurrentUser\" == \"root\" ] || [ \"$CurrentUser\" == \"_mbsetupuser\" ]; then\n  exit 0\nfi\n\n#removes user from the admin group (post-uninstall)\ndseditgroup -o edit -d \"$loggedInUser\" -t user admin\n```\n\n---\n\n## 🔄 Removing Admin Rights\n\nTo revoke admin rights:\n\n1. Remove the device from the Smart Group  \n   (e.g., delete the `macOS Admin Elevation` tag)\n2. Workspace ONE will uninstall the dummy package\n\n---\n\n## 📄 License\n\nMIT License – see [LICENSE](LICENSE) for full details.\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freponomadx%2Fmacos-elevated-admin-ws1","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freponomadx%2Fmacos-elevated-admin-ws1","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freponomadx%2Fmacos-elevated-admin-ws1/lists"}