Elevating Activity Monitor
Authorizationdb Right: com.apple.activitymonitor.kill
This action can be used to elevate killing processes that do not belong to the logged in user in Activity Monitor while it is running. The right will be elevated for the duration that Activity Monitor is running. Once the application is quit, the right will be restored to its default.
Advanced message actions such as Approval, Deny, Justification, or Warning should not be used in conjunction with this action.
Example Application: Activity Monitor
-
Using the Policy Wizard, create a controlling policy, click Next Step.
-
Select Elevate, click Next Step.
-
Select Run Silently, click Next Step.
-
Select Executables, click Next Step.
-
Select Modify Authorization Database, click Next Step.
-
Select Existing Filter, search for select the App Bundle filter for Activity Monitor. If it doesn't exist, create it.
-
Click Update.
-
Click Next Step.
-
Name your policy, add a description.
-
From the Right Name drop-down, select Activity Monitor Kill Authorization Right (com.apple.activitymonitor.kill) for macOS versions older than Sequoia, or Activity Monitor Sudo Authorization Right (com.apple.activitymonitor.sudo) for macOS Sequoia and later. To support all macOS versions, the policy should include both rights (select one now, and add the other in Actions after creating the policy).
-
Click Create Policy.
-
Set the Inactive switch to Active.
-
Next to Deployment click the i icon and run the Resource and Collection Targeting Update task.
What to Expect on the Endpoint
-
With a policy in place, when Activity Monitor is running and the policy is effective and you try to kill a process that doesn't belong to you and you click Force Quit, the process will be terminated without prompting you for administrator credentials.
-
Without a policy in place, when Activity Monitor is running and you try to kill a process that doesn't belong to you, it will present this dialog:
