v1.1.0 - Reliable Admin Rights Management with Full Logging and Debug Support

v1.1.0 - Reliable Admin Rights Management with Full Logging and Debug Support

What's New

• ✅ Introduced optional DEBUG_MODE to enable detailed internal debug logging during testing and troubleshooting.
• ✅ Structured logging system now writes INFO, WARN, ERROR, and DEBUG entries into /var/log/admin_rights_update.log with full timestamps.
• ✅ Script now logs start and completion timestamps to aid with audit trails.
• ✅ Improved detection of the logged-in console user using scutil show State:/Users/ConsoleUser, ensuring reliable operation inside Jamf Pro agent context.

Changes

• 🔄 Removed the previous get_logged_in_user() function to avoid user detection failures caused by hidden or corrupted characters.
• 🔄 Replaced all admin group modifications with dseditgroup for compatibility with local, MDM, and mobile users.
• 🔄 Simplified user detection directly inside the main() function for faster, more reliable performance.

Fixes

• 🛠 Eliminated issues where the logged-in user could not be accurately detected when running under Jamf Pro.
• 🛠 Fixed false error messages when promoting or revoking admin rights if user state was already correct.

Notes

• This script is now production-ready for deployment through Jamf Pro policies.
• Designed and tested on macOS 15+.
• Fully supports FileVault-enabled, SecureToken-bound, and network users.
• Script execution must be performed as root for group modification commands to succeed.