Hello everyone is there a script out there that determines the user's log-in time for when they have successfully logged into Jamf Connect? I believe I would need to create an extension attribute for this sort of request.
After I have created the extension attribute, We would then want to create a smart group in Jamf based on the created Extension Attribute.
Jamf provides an extension attribute for this. Pretty much anything you would ever want to get from JAMF connect can be found in /Users/{username}/Library/Preferences/com.jamf.connect.state.plist.
#!/bin/bash
# Jamf Connect state - Is the last successful sign-in within the specified number of days
# Copyright (c) 2020 JAMF Software, LLC
#
# Script type: Jamf Pro Extension Attribute
# Usage: The last time someone successfully signed in to the Jamf Connect menu bar agent
# is stored in com.jamf.connect.state.plist located in ~/Library/Preferences
# Report back as an EA either
# No record found - either the com.jamf.connect.state.plist does not exist, or the user never signed in
# Over limit - The last sign-in is older than the number of days we specified below
# Within limit - The last sign-in is within the range of the number of days we specified below
# Why: The info can be used to create a Smart Computer Group to remediate password sync.
# For example, use the Smart Computer Group as a target scope for :
# a Configuration Profile that adds the DenyLocal key for com.jamf.connect.login set to TRUE to force an IDP login at next power cycle
# a Policy that reboots the machine after X minutes of idle
# a Policy that updates the inventory of the machine every X hours to make sure the user logged in
# a Configuration Profile that adds RequireSignIn to TRUE to com.jamf.connect
# LIMITATIONS: This EA will only update on an inventory update in Jamf Pro, so schedule your inventory
# recons appropriately.
# ADMIN: Change the next line to the number of days you want to check. In this case, we're checking to see if
# a user has logged in successfully within the last
LastSignInMaxAge=14 # Numeric value in DAYS
#Get current signed in user
currentUser=$(ls -l /dev/console | awk '/ / { print $3 }')
# Path to the preference with our current user's shortname
jamfConnectStateLocation=/Users/"$currentUser"/Library/Preferences/com.jamf.connect.state.plist
# Read the preference key from the .plist with PlistBuddy. If no preference, LastSignIn will be "No record found"
LastSignIn=$(/usr/libexec/PlistBuddy -c "Print :LastSignIn" "$jamfConnectStateLocation" || echo "No record found")
# If our result is "No record found", return the result to the EA and stop
if [ "$LastSignIn" = "No record found" ]; then
echo "<result>No record found</result>"
exit 0;
# Otherwise, use the date command to calculate how far back in Epoch time is our maximum sign in date, compare to the
# results of the LastSignIn.
else
# Give us today's date minus the range, report in Epoch time
LastSignInMaxDate=$(/bin/date -j -v -"$LastSignInMaxAge"d "+%s")
# Convert the UTC formatted date from LastSignIn into Epoch time
LastSignIn=$(/bin/date -j -f "%a %b %d %T %Z %Y" "$LastSignIn" "+%s")
# Compare the numberic values of the dates (that's why we're using ((.)) and not [ $variable ] in this if command
# If the last signin is less than or equal to the cutoff (aka a date earlier than x days back), report Over limit
if ((LastSignIn <= LastSignInMaxDate)); then
echo "<result>Over limit</result>"
else
# Otherwise, we coo. Within the limits.
echo "<result>Within limit</result>"
fi
fi
exit 0;
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.