Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2628: How to allow non-admin users to unlock System Preference panels.

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:19 AM

Applies to: All versions of Centrify DirectControl on Mac OS X 10.6 and higher.
 
Question:
 
Can non-admin users be allowed to unlock certain System Preference panels?
 

Answer:
 
Note:
  • The first methods work by editing the rights in the /etc/authorization file. 
  • Since OS X 10.9 and up no longer uses this file, only the "security authorizationdb ... " method will work.
See the following articles for more information:
(All external links are provided as a courtesy)
 
 
 
The commands given need to be added into the following GP:
  • Computer Configuration / Centrify Settings / Common UNIX Settings / "Specify commands to run"
 
 
For OS X 10.6, the only option is to unlock the entire System Preference panel and there is no option for individual Preferences:
 
  sudo /usr/libexec/PlistBuddy -c "Set :rights:system.preferences:group everyone" /etc/authorization
  sudo /usr/libexec/PlistBuddy -c "Set :rights:system.preferences:shared true" /etc/authorization
 
 
 
For OS X 10.7 and 10.8, individual System Preference panels can be set to be unlocked by default by adding the following commands into the GP at:
 
The first command is mandatory for the rest to work:
 
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences:group everyone' /etc/authorization
 
Then choose from the following list depending on the Preference panel(s) is desired to be accessed by all users:
 
  # Unlock Accessibiltity preference pane
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.accessibility:group everyone' /etc/authorization
 
  # Unlock Date and Time
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.datetime:group everyone' /etc/authorization
 
  # Unlock Energy Saver preference pane
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.energysaver:group everyone' /etc/authorization
 
  # Unlock Network Settings preference pane
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.network:group everyone' /etc/authorization
 
  # Unlock Print & Scan Preference pane
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.printing:group everyone' /etc/authorization
 
  # Unlock Startup Disk Preference pane
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.startupdisk:group everyone' /etc/authorization
 
  # Unlock Time Machine preference pane
  sudo /usr/libexec/PlistBuddy -c 'Set :rights:system.preferences.timemachine:group everyone' /etc/authorization
 
 
 
For OS X 10.9 and up, use the following commands instead:
 
The first command is mandatory for the rest to work:
 
  security authorizationdb write system.preferences allow
 
Then choose from the following list depending on the Preference panel(s) is desired to be accessed by all users:
 
  # Unlock Accessibiltity preference pane
  security authorizationdb write system.preferences.accessibility allow
 
  # Unlock Date and Time
  security authorizationdb write system.preferences.datetime allow
 
  # Unlock Energy Saver preference pane
  security authorizationdb write system.preferences.energysaver allow
 
  # Unlock Network Settings preference pane
  security authorizationdb write system.preferences.network allow
  security authorizationdb write system.services.systemconfiguration.network allow
 
  # Unlock Print & Scan Preference pane
  security authorizationdb write system.preferences.printing allow
 
  # Unlock Startup Disk Preference pane
  security authorizationdb write system.preferences.startupdisk allow
 
  # Unlock Time Machine preference pane
  security authorizationdb write system.preferences.timemachine allow


Note: Some preference panes do not support this method of unlocking, such as the Sharing pane.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.