The user in our Organization are not allowed to have admin permissions on their macs. They also use Eduroam to connect to the wireless network. When they change their password, which hapends every 90 days, sometimes the pop-up to re-enter the password doesn't work. Sice they are not admin on the computer, they are not able to forget the network to re-join with new credentials. Is there a Config Profile that would allow standar user to change network settings? if not, is there a group that would allow it, similar to lpadmin for allowing standar user to change printer settings?
Device management is moving away from configuration profiles to declarative configurations, but I get what you're asking here 😄
Historically, organizations have achieved this on macOS by using security authorizationdb commands of various kinds to change certain OS authorization prompts and what types of accounts are allowed to authenticate in those scenarios.
That being said - System Preferences eventually became the Settings app we have today, and they contents have flowed and changed to adapt with modern OS design - and not all the previous solutions IT organizations had developed using security authorizationdb commands continue to work with these changes.
And to your point - this is also complicated by the fact there's no native MDM capability directly for this. Organizations achieved these command runs either using local agents that their MDM vendor offered or other IT solutions - nothing directly supported by Apple itself.
It would be extremely helpful if you could file a Feedback with your Developer account that captures your above mentioned use case (and any other similar needs regarding authorization prompt changes for standard users - call out each) - and explicitly mention your desire for this to work directly as an MDM configuration, without the need for additional local automation.
Feel free to post the FB# of the Feedback in this thread once you've filed it, or if you've already filed something in that space you can mention that as well.
