We have a small collection of Macs at the office and are struggling with how to make all new network accounts local administrator.

What we have managed to do is make all new network users adminstrators, but only when they log on with network access to the Active Directory. In other words, network users are only administrators as long as the Mac is at the office. Once they take the Mac off the premises they are no longer local admin.


Is there a simple way to make all accounts, even network accounts, local admin? Even when the company network is unavailable?


Appreciate any help I can get!

Answer Summary:
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity


Make the users a member of the local admins group on the machine?
Answered 07/25/2014 by: EdT
Red Belt

  • That's what we did. We added a group with all AD accounts to the local admins group but the admin rights are removed when the computer is disconnected from the corporate network.
    What I need is some way to make all users, new and old, local admin.
Please log in to comment
You can use the following command to add a user as admin:
sudo dseditgroup -o edit -a ActiveDirectoryUserID -t user admin

For a small set of machines and users you could run the command for each user. 

Also, check this thread on the MacEnterprise list for how to automatically add users as admin at login:

Answered 07/25/2014 by: chucksteel
Red Belt

Please log in to comment