Active iCloud users

llitz123
Contributor III

Does anyone have a method for easily indetifying users who are actively using iCloud and it's features?
Thanks.

5 REPLIES 5

afarnsworth
Contributor

I don't know the entire answer but I think you may want to look at this file:

/Users/$username/Library/Accounts/Accounts#.sqlite

It has a ZACCOUNT table that contains different types of accounts setup on the Mac. ZACCOUNTTYPE has what seems to be an index of what account types are available.

Chris
Valued Contributor

There's also /Users/$username/Library/Preferences/MobileMeAccounts.plist.
I'm using this (pretty ugly) EA to determine iCloud Keychain Sync Status, you can adapt it to other services.

#!/bin/bash

#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"

#Determine logged in user
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')

#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
    iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )

    #Determine whether user has Drive enabled. Value should be either "false" or "true"
    if [[ "$iCloudStatus" = "true" ]]; then
        for i in {1..20}
        do
            #Iterate over ServiceIDs to find com.apple.Dataclass.KeychainSync
            ServiceID=$("$plistBud" -c "print :Accounts:0:Services:$i:ServiceID" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
            if [[ "$ServiceID" = "com.apple.Dataclass.KeychainSync" ]]; then
                iCKStatus=$("$plistBud" -c "print :Accounts:0:Services:$i:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
                if [[ "$iCKStatus" = "true" ]]; then
                    iCKStatus="YES"
                    break
                else
                    iCKStatus="NO"
                    break
                fi
            fi

        done
    fi
    if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
        iCKStatus="NO"
    fi
else
    iCKStatus="NO"
fi

/bin/echo "<result>$iCKStatus</result>"

richeames
New Contributor III

I found this and modified it to count the number of files in iCloud Drive. The value then populates the EA for my iCloud Drive Smart Group. If the value is > 0 the computer gets moved into the Smart Group and I can remind the user that iCloud Drive is not allowed due to HIPAA concerns.

!/bin/bash

loggedInUser=$(stat -f%Su /dev/console)

if [[ $loggedInUser = "root" ]] || [[ $loggedInUser = "localadmin1" ]] || [[ $loggedInUser = "localadmin2" ]]; then
echo "No user logged in - exiting script"
exit 0
fi

count=$(find /Users/$loggedInUser/Library/Mobile Documents/ -maxdepth 1 ( ! -iname ".*" ) ( ! -iname "Icon?" ) | sed '1d' | awk 'END{print NR}')

echo "<result>$count</result>"

Chris
Valued Contributor

@richeames

/Users/$loggedInUser/Library/Mobile Documents/

you may wanna revisit that for "an upcoming version of macOS"...

ishkhanna
New Contributor

I don't think.. If you got please let me know as well..