Question

DetectLocalAdmins.sh

  • November 15, 2011
  • 6 replies
  • 15 views


Tom Larkin was kind enough to show a script that he was using to detect local admins on machines – I've run searches over at JAMF Nation – but haven't yet managed to find the script in the form that Tom displayed it in at JNUC. I have found the script that returns a 1

Does anyone have a full version of the script that he was running?

Regards,
Matt Bentley

6 replies

rob_potvin
  • Employee
  • November 15, 2011

I second this :-)

Can't seem to find it either


  • Honored Contributor
  • November 15, 2011

this one?

#!/bin/bash

# extension attribute script to detect if a computer has a local admin
# account on it with an UID of above 500
#
# generate user list of users with UID greater than 500

userList=$(/usr/bin/dscl . list /Users UniqueID | /usr/bin/awk '$2 > 500 { print $1 }')

# now loop through results and test for membership of the admin group
# (grep -w matches whole words, so "tom" is not counted because of "tomadmin")

for u in ${userList} ; do
    if [[ $(/usr/bin/dscl . read /Groups/admin GroupMembership | /usr/bin/grep -cw -- "${u}") == 1 ]]
    then
        /bin/echo "<result>${u} is in the admin group</result>"
    else
        /bin/echo "${u} is not an admin.."
    fi
done

copy/paste that into the JSS as an extension attribute and it should
work
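The same check with exact name comparison, as an added example that is not part of the original post: a grep against the GroupMembership line also matches an account whose name occurs inside another member's name (tom inside tom-admin), so this version compares whole tokens and emits a single result line. The sample account list and group line are constructed, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not from the thread. Sample data is constructed; on a Mac
# the two inputs would come from:
#   dscl . list /Users UniqueID
#   dscl . read /Groups/admin GroupMembership
SAMPLE_USERS='root                    0
_www                    70
tom                     501
tom-admin               502
j.smith                 503
guest1                  505'
SAMPLE_ADMIN_GROUP='GroupMembership: root tom-admin j.smith'

# Print accounts with UID above 500 (the thread's cut-off), one per line.
users_above_500() {
    printf '%s\n' "$1" | awk '$2 > 500 { print $1 }'
}

# Succeed only if $1 is exactly one of the names on the GroupMembership line $2.
# The unquoted expansion splits the line on whitespace; account short names
# are assumed to contain no spaces or glob characters.
is_admin_member() {
    local user=$1 member
    for member in ${2#GroupMembership:}; do
        if [ "$member" = "$user" ]; then
            return 0
        fi
    done
    return 1
}

# Build one <result> line listing every local admin with UID above 500.
local_admin_report() {
    local u admins=""
    for u in $(users_above_500 "$1"); do
        if is_admin_member "$u" "$2"; then
            admins="${admins:+$admins }$u"
        fi
    done
    printf '<result>%s</result>\n' "$admins"
}

local_admin_report "$SAMPLE_USERS" "$SAMPLE_ADMIN_GROUP"
```
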


  • Valued Contributor
  • November 15, 2011

JAMF Nation has a bug in it currently preventing me from posting my scripts because it kills tab formatting. Tom may be holding off for the same reason…

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436


  • Honored Contributor
  • November 15, 2011

No Tom is just lazy.....and my trip to Minneapolis landed me a cold. Looks like I had too much fun and a few too many IPAs.

:-)


  • Contributor
  • November 15, 2011

In the interests of skinning the cat multiple ways...here is one I whipped
up for someone on another list last week. Same basic idea.

Initialize array
get users > 500
check for NOT not an admin
add to array
print array

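#!/bin/bash

# collect every account with a UID above 500 that is a member of the admin group
list=()

for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do
    # dsmemberutil's reply contains "not" when the user is not a member
    if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) != *not* ]]; then
        list+=("${username}")
    fi
done

echo "<result>${list[@]}</result>"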

Ryan M. Manly
Glenbrook High Schools


  • Honored Contributor
  • November 15, 2011

Having fun with functions?