
Hi there,

Does anyone know of an extension attribute or a way to reference a device's currently set login mechanism? This is to run authchanger policies whenever Jamf Connect isn't the set login mechanism, i.e. after macOS upgrades and every other state we've not yet encountered but that could potentially revert the login mechanism back to the macOS default.

I've found a script that does the check. Technically you could add the authchanger command to run if the statement is false, and create a policy to run at every login/startup.

Coming from - https://github.com/sean-rabbitt/jamf-extension-attributes/blob/master/Is%20Jamf%20Connect%20login%20enabled.sh 

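#!/bin/bash

# Is Jamf Connect login window enabled

# grep exits 0 when the JamfConnectLogin:Initialize mechanism is listed in the
# system.login.console right; the status line security prints on stderr is discarded.
/usr/bin/security authorizationdb read system.login.console 2>/dev/null | grep -q 'JamfConnectLogin:Initialize'
loginwindow_check=$?

if [ "$loginwindow_check" -eq 0 ]; then
    echo "<result>TRUE</result>"
else
    echo "<result>FALSE</result>"
fi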

Similar to above, but use authchanger:

#!/bin/bash

# Extension Attribute to determine if Jamf Connect Login is enabled on system

if [[ -e /usr/local/bin/authchanger ]]; then
    # Uses authchanger to check if any JamfConnectLogin mechs are enabled
    if [[ $( /usr/local/bin/authchanger -print | grep JamfConnectLogin ) != "" ]]; then
        /bin/echo "<result>Enabled</result>"
    else
        /bin/echo "<result>Disabled</result>"
    fi
else
    # Authchanger not installed
    /bin/echo "<result>No Jamf Connect</result>"
fi

Look into the com.jamf.connect.login key DisableUpdateWatcher
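
The check-then-remediate approach suggested in the replies above, as an added example that is not from any poster or from Jamf: it reads the `system.login.console` right and calls authchanger only when no JamfConnectLogin mechanism is listed, leaving the device untouched if the right cannot be read. The `-reset -JamfConnect` arguments, the function names and the sample dumps are assumptions of this example; substitute the authchanger arguments your deployment uses.

```shell
#!/bin/bash
# Added example: re-run authchanger only when Jamf Connect Login is missing.
# Assumption: "-reset -JamfConnect" is the remediation your deployment wants.
AUTHCHANGER="/usr/local/bin/authchanger"

# Constructed, abbreviated sample dumps (not captured from a real device).
SAMPLE_DEFAULT='<key>mechanisms</key>
<array>
<string>builtin:prelogin</string>
<string>loginwindow:login</string>
</array>'
SAMPLE_JCL='<key>mechanisms</key>
<array>
<string>builtin:prelogin</string>
<string>JamfConnectLogin:Initialize</string>
</array>'

# jcl_enabled: rights dump on stdin; status 0 if a JamfConnectLogin mechanism is listed.
jcl_enabled() {
    grep -q '<string>JamfConnectLogin:'
}

# decide: rights dump on stdin; prints the action a policy should take.
decide() {
    dump=$(cat)
    if [ -z "$dump" ]; then
        echo "unknown"   # the right could not be read; change nothing
    elif printf '%s\n' "$dump" | jcl_enabled; then
        echo "none"
    else
        echo "reset"
    fi
}

main() {
    [ -x "$AUTHCHANGER" ] || { echo "authchanger not installed"; return 0; }
    action=$(/usr/bin/security authorizationdb read system.login.console 2>/dev/null | decide)
    case "$action" in
        reset) echo "Jamf Connect Login not set; resetting"; "$AUTHCHANGER" -reset -JamfConnect ;;
        none)  echo "Jamf Connect Login already set" ;;
        *)     echo "could not read system.login.console"; return 1 ;;
    esac
}

main
```

Run from a policy triggered at login or startup, this leaves a correctly configured device unchanged and only invokes authchanger when the mechanism list has reverted.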