In windows we could use relevance: members of local group "administrators"
members of local group "administrators"
How could I use it on a macOS computer?
Thanks for help.
Unfortunatelye here’s another place where the Mac inspectors are not in parity with the Windows inspectors. It would be idea to use the 'admin privilege of ’ to determine the users with admin rights, but it only supports Windows and Ubuntu.
Using some older threads I came up with this:
concatenation ", " of strings of values of array "users" of dictionary of file "/private/var/db/dslocal/nodes/Default/groups/admin.plist"
Here is an analysis that covers this: https://bigfix.me/analysis/details/2994546
Thanks for help. We will tried it.
That older inspector thing we should take down, and it had a bug where every inspector was available on Ubuntu (I have no idea why)
You should always use https://developer.bigfix.com instead as we are actively keeping this one up to date
Well it seems that Mojave has struck again…
(number of values of array of value of entry whose(key of it = “users”) of dictionary of file “/var/db/dslocal/nodes/Default/groups/admin.plist”) no longer works as the default folder permissions have changed .
Sounds like we’ll have to run a task to output the information to a plist for analysis. Damn it, Apple.
This is one of those areas where I think an inspector for stdout of with limited access to subcommands would be very useful. In this case, dscl.
Is there already an RFE for this? Has it been requested and denied in the past?
I haven’t submitted one. I should. But I’ve been saying it so long, in person and in writing, and had feedback from BigFixers indicating they realize the issues of living in an SIP world, that I’m kinda fatigued on the whole thing.
Please do submit one. This is one of those parity to Windows items we could easily get in if enough people wanted it
I finally got around to making the RFE:
You can get this to work again if you grant the BESAgent process “Full Disk Access”, which you can do manually through System Preferences > Security & Privacy > Privacy > Full Disk Access or with a configuration profile if you have an MDM (also requires DEP or “User Approved” MDM). Look into “Apple TCC” and the “Privacy Preferences Policy Control” config profile payload for more info.