262-299-4606 • Email us

Policies on Mac

Settings in the Admin By Request client application are controlled under "Mac Settings" in the "Settings" menu, when signed in to the portal. If you for what-ever reason want to overrule these settings on specific clients, you can set overruling policies in a policy file.


To overrule web settings with a policy file, edit this file:
/Library/Application Support/Admin By Request/adminbyrequest.override

Note that this file is protected during administrator sessions and can therefore not be hacked by end-users. The file is in json format and has an example non-used setting by default, as shown below. Simply add more settings from the table below to overrule web settings.

{
      "ExampleSetting": "ExampleValue"
}


KeyTypeDefaultDescription
AdminMinutesString15Number of minutes the user is administrator. This can also be set in your cloud settings.
AllowAppStoreBoolean0Allow users to install software from the App Store without admin rights or an active Admin By Request session.
AllowSudoBoolean0Allow users to run sudo commands. Should not be enabled unless there is a good reason to, because it allows the user to tamper the client software.
CompanyNameStringOverrules the company name that appears on user interfaces, which is by default the licensed company name.
DockIconBoolean1Place an icon in the dock.
DockIconNameStringAdministrator AccessName of dock icon (overrules default name). Note that a change of name only takes effect after next reboot.
ExcludedAccountsArray of stringsList of accounts that will not be downgraded to user role, such as service accounts.
InstructionsStringBody text on Codes of Conduct ("Instructions") screen.
InstructionsHeaderStringHeader text on Codes of Conduct ("Instructions") screen.
LastAdminCheckBoolean1Prevents downgrading the last admin account on the computer, unless it is domain joined. Refer to the FAQ for more information.
LogoUrlStringUrl to download logo from. If not specified, default icons will be used.
RemoveRightsBoolean1Downgrade users from Admin to User, unless the account is in excluded accounts or is a domain administrator in on a domain joined Mac.
RequireApprovalBoolean0Elevate without requiring someone to approve requests.
RequireReasonBoolean1Require reason to elevate.
ShowInstructionsBoolean0Show Codes of Conduct screen.
UploadInventoryBoolean1Upload inventory data to the portal.