Tuesday, April 30, 2013

Local administrator credentials not holding outside Active Directory network

Our organization uses an Active Directory user group to grant local administrator access to a computer for specific AD users. We recently noticed that this setting wasn't "sticking" on computers running OS X 10.8.3 when they left our local network, either at home or when hopping onto an outside connection without access to our Active Directory infrastructure. The user can still log in but cannot install software or perform any other tasks that require local administrative access.

From the administrator account, you must type the following into the Terminal:

sudo dscl . -append /Groups/admin GroupMembership USERNAME

where USERNAME is the particular Active Directory username you would like to grant local administrator access.

Note: This tip assumes the "Create mobile account at login" option is selected in Directory Utility and it has not been tested when mobile accounts are not being used.
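
The same change wrapped so it can be re-run safely, checked afterwards, and undone when the user no longer needs the access. This is an added example, not part of the original post; the function names, the script name and its grant/revoke/list arguments are hypothetical, and it looks only at direct GroupMembership values of the local admin group.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Run as root on the Mac, e.g.: sudo sh local_admin.sh grant USERNAME

# Print the direct members of the local admin group, one per line.
# Nested groups are not resolved here.
admin_members() {
    dscl . -read /Groups/admin GroupMembership 2>/dev/null |
        sed 's/^GroupMembership://' | tr -s ' ' '\n' | sed '/^$/d'
}

# Return 0 if $1 is listed in the local admin group's GroupMembership.
is_local_admin() {
    admin_members | grep -Fxq -- "$1"
}

# Add $1 only when it is absent, then confirm the write took effect,
# so running this twice leaves a single entry.
grant_local_admin() {
    [ -n "$1" ] || { echo "usage: grant USERNAME" >&2; return 2; }
    if is_local_admin "$1"; then
        echo "$1 is already in the local admin group"
        return 0
    fi
    dscl . -append /Groups/admin GroupMembership "$1" && is_local_admin "$1"
}

# Remove $1 when the elevated access is no longer needed, then confirm.
revoke_local_admin() {
    [ -n "$1" ] || { echo "usage: revoke USERNAME" >&2; return 2; }
    is_local_admin "$1" || return 0
    dscl . -delete /Groups/admin GroupMembership "$1" && ! is_local_admin "$1"
}

# Dispatch when invoked with arguments; does nothing when sourced without any.
case "${1:-}" in
    grant)  grant_local_admin "${2:-}" ;;
    revoke) revoke_local_admin "${2:-}" ;;
    list)   admin_members ;;
esac
```

Running the list action periodically gives a quick audit of which accounts hold local administrator rights on a machine that spends time off the network.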
