datajar.mobi Local Admin Rights Management

Introduction

This Knowledge Base Article is intended for datajar.mobi technical contacts.

It is possible for datajar.mobi to provide a Self Service solution for end users to promote themselves and to become a local administrator on their macOS device.

This process will make the policy available to all local users on that specific device.

Process to Enable End User Promotion

You have two options to enable the promotion process for an end user:

1) Log a ticket with dataJAR support, providing the device name or serial number, requesting that you would like to allow the specific device the ability to promote users to a local administrator. 

2) If you have access to the dataJAR Simplified Management App, you can enable the policy by checking the "Allow Admins" tickbox.

3) Once ticked, ensure to click the "Save" button

More information on the Simplified Management App can be found here.

End-User Process

Once this has been enabled, users should use the Self Service policy to promote themselves to a local administrator.

1) Launch the Self Service Application from the Dock (if present) or your Application Folder

2) Find the policy "Policy - Make Admin" and click the "Admin Rights" button

3) This will promote the currently logged-in user and provide them with local admin rights, then request a logout

4) Save and quit your work and logout

5) After logging back in the process is complete

Note: This process will work for all users on an enabled device

Process to Demote Local Users

It's also possible to demote all local users (except for service accounts) and remove their local admin rights as they log in.

You have two options to enable the demotion process for an end user:

1) Log a ticket with dataJAR support, providing the device name or serial number, requesting that you would like to allow the specific device to demote any logging in users to remove their local admin rights.

2) If you have access to the dataJAR Simplified Management App, you can enable the process by unchecking the "Allow Admins" tickbox and clicking "Save"

More information on the Simplified Management App can be found here.

End-User Process

As a user logs in, they will be automatically demoted and have their local admin rights removed on this specific device, with the exception of local service account/s

If you require further assistance or support, please contact our support team.