In windows we could use relevance: members of local group "administrators"
How could I use it on a macOS computer?
Thanks for help.
Unfortunatelye hereās another place where the Mac inspectors are not in parity with the Windows inspectors. It would be idea to use the āadmin privilege of ā to determine the users with admin rights, but it only supports Windows and Ubuntu.
Using some older threads I came up with this:
concatenation ", " of strings of values of array "users" of dictionary of file "/private/var/db/dslocal/nodes/Default/groups/admin.plist"
Older threads:
https://www.ibm.com/developerworks/community/forums/html/topic?id=e324ca4d-d537-477d-b7f0-097ea4f546ca
1 Like
Here is an analysis that covers this: https://bigfix.me/analysis/details/2994546
1 Like
Thanks for help. We will tried it.
That older inspector thing we should take down, and it had a bug where every inspector was available on Ubuntu (I have no idea why)
You should always use https://developer.bigfix.com instead as we are actively keeping this one up to date
1 Like
Well it seems that Mojave has struck againā¦
(number of values of array of value of entry whose(key of it = āusersā) of dictionary of file ā/var/db/dslocal/nodes/Default/groups/admin.plistā) no longer works as the default folder permissions have changed . 
Sounds like weāll have to run a task to output the information to a plist for analysis. Damn it, Apple.
This is one of those areas where I think an inspector for stdout of with limited access to subcommands would be very useful. In this case, dscl.
1 Like
Is there already an RFE for this? Has it been requested and denied in the past?
I havenāt submitted one. I should. But Iāve been saying it so long, in person and in writing, and had feedback from BigFixers indicating they realize the issues of living in an SIP world, that Iām kinda fatigued on the whole thing.
Please do submit one. This is one of those parity to Windows items we could easily get in if enough people wanted it
2 Likes
I finally got around to making the RFE:
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=130013
You can get this to work again if you grant the BESAgent process āFull Disk Accessā, which you can do manually through System Preferences > Security & Privacy > Privacy > Full Disk Access or with a configuration profile if you have an MDM (also requires DEP or āUser Approvedā MDM). Look into āApple TCCā and the āPrivacy Preferences Policy Controlā config profile payload for more info.