Settings in the Admin By Request client application are controlled under “Mac Settings” in the “Settings” menu, when signed in to the portal. If you for what-ever reason want to overrule these settings on specific clients, you can set overruling policies in a policy file.
| Please note that we do not recommend that you use a policy file to control client behavior. Instead, we recommend that you use portal settings and sub settings for better transparency and for real-time control of computers off your LAN. If you have any questions about portal settings or would like a demo of these, please feel free to contact us. |
To overrule portal settings with a policy file, edit this file:
Note that this file is protected during administrator sessions and can therefore not be hacked by end-users. The file is in json format and has an example non-used setting by default, as shown below. Simply add more settings from the table below to overrule web settings.
Also note that any change to the policy file will take effect after next reboot. Alternatively, if a policy change must take effect immediately without a reboot, an admin user or MDM can restart the service using “sudo killall adminbyrequest”.
| Key | Type | Default | Description |
| AdminMinutes | Integer | 15 | Number of minutes the user is administrator. This can also be set in your portal settings. |
| AllowAppStore | Boolean | 1 | Allow users to install software from the App Store without admin rights or an active Admin By Request session. |
| AllowSudo | Boolean | 0 | Allow users to run sudo commands. Should not be enabled unless there is a good reason to, because it allows the user to tamper the endpoint software. |
| CompanyName | String | Overrules the company name that appears on user interfaces, which is by default the licensed company name. | |
| ComputerGroups | Array of Strings | Computer groups to match machine to sub settings when not using Active Directory. | |
| DockIcon | Boolean | 1 | Place an icon in the dock. |
| ExcludedAccounts | Array of strings | List of accounts that will not be downgraded to user role, such as service accounts. | |
| EnableSessions | Boolean | 1 | User can request an admin session. |
| EnableAppElevations | Boolean | 1 | User can authenticate apps without session. |
| Instructions | String | Body text on Code of Conduct (“Instructions”) screen. | |
| InstructionsHeader | String | Header text on Code of Conduct (“Instructions”) screen. | |
| LogoUrl | String | Url to download logo from. If not specified, default icons will be used. | |
| RemoveRights | Boolean | 1 | Downgrade users from Admin to User, unless the account is in excluded accounts or is a domain administrator in on a domain joined Mac. |
| RequireApproval | Boolean | 0 | Elevate without requiring someone to approve requests. |
| RequireReason | Boolean | 1 | Require reason to elevate. |
| RequireAppApproval | Boolean | 0 | Elevate Run As Admin without requiring someone to approve requests. |
| RequireAppReason | Boolean | 1 | Require reason to Run As Admin. |
| ShowInstructions | Boolean | 0 | Show Code of Conduct screen. |
| UploadInventory | Boolean | 1 | Upload inventory data to the portal. |
| UserGroups | Dictionary with array of strings | User groups to match machine to sub settings when not using Active Directory. |
With the addition of the ComputerGroups and UserGroups keys in macOS version 3.0, see the example below:
Join the free webinar: achieve security & compliance on your Linux endpoints.
Strong weekend for Kevin Magnussen who secured one championship point on the team’s home soil in Miami!
K-Mag was inside the top 10 when he unfortunately ran wide in a corner and lost positions.
