
Hello,

 

I need a daily report. Our security team wants a daily report like this: does the last user have admin rights? How can I do that? I need your help.

 

Thank you. 

You could run a script once a day to try and work out if the logged in user or last user has admin rights... Something like the following will give you a skeleton, though it's far from perfect.

```bash
#!/bin/bash

# Logged in user
User_Name=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

if [ -z "$User_Name" ]; then
    # Mostly will return the last logged in user
    User_Name=$( last -1 | awk '{print $1}' )
fi

# Members of the local admin group
Who_is_Admin=$( dscl . -read /Groups/admin | grep GroupMembership )

# Check if the name is in the group
# (-Fx matches the whole name literally, so "bob" does not match "bobby")
Admin_Exists=$( echo "$Who_is_Admin" | tr " " "\n" | grep -Fx -- "$User_Name" )

if [ -n "$Admin_Exists" ]; then
    echo "$User_Name was an admin"
fi
```

 



 


The commands are working, but how can I report the answer?


So the best answer would probably be to send the info to a log server or a network share; in either case you would need to get the computer name within code. Jamf has extension attributes that could hold this info, but they are not updated once a day... If this information is being gathered for non-Macs, you may want to put the info in the same place...
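
Added example, not code from anyone in this thread: one way to turn the check above into a report line that includes the computer name and is appended to a file on a share. The `REPORT_DIR` path, the function names and the CSV layout are assumptions made for illustration.

```shell
#!/bin/bash
# REPORT_DIR is an assumed location (for example a mounted network share).
REPORT_DIR="${REPORT_DIR:-/tmp/admin-report}"

# is_admin_member "<GroupMembership line>" "<user>" -> status 0 if user is listed
is_admin_member() {
    local members="${1#GroupMembership:}" user="$2" m
    [ -n "$user" ] || return 1
    for m in $members; do
        # Exact comparison: "bob" must not be reported because "bobby" is an admin
        if [ "$m" = "$user" ]; then return 0; fi
    done
    return 1
}

# report_line "<timestamp>" "<computer>" "<user>" "<GroupMembership line>"
# Prints one CSV record: timestamp,computer,user,admin(yes|no)
report_line() {
    local admin="no"
    if is_admin_member "$4" "$3"; then admin="yes"; fi
    printf '%s,%s,%s,%s\n' "$1" "$2" "${3:-unknown}" "$admin"
}

# Collect the live values on a Mac and append the record to a per-computer file.
write_daily_report() {
    local computer user members
    # LocalHostName holds only letters, digits and hyphens, so it is safe
    # both as a CSV field and as a file name.
    computer=$( scutil --get LocalHostName )
    user=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
    [ -n "$user" ] || user=$( last -1 | awk '{print $1}' )
    members=$( dscl . -read /Groups/admin GroupMembership )
    mkdir -p "$REPORT_DIR"
    report_line "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$computer" "$user" "$members" \
        >> "$REPORT_DIR/$computer.csv"
}

# Only collect where the macOS tools exist; elsewhere just define the functions.
if command -v dscl >/dev/null 2>&1 && command -v scutil >/dev/null 2>&1; then
    write_daily_report
fi
```

Each run appends one record, so a script scheduled once a day leaves one line per day per Mac in `REPORT_DIR`.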