Jamf Nation Community

@easyedc That gets me closer, but doesn't link the specific app to the username. It is good to know that we can at least narrow the list down a bit. Thank you!

@nadams Digging through some stuff, @magervalp has some posts related about what you can actually gleam from the MAS receipt. You may be able to dig through receipts and find it? https://magervalp.github.io/2013/03/19/poking-around-in-masreceipts.html

@easyedc Thanks for that bit of info... I think we're going to take a step back and just identify the machines his ID has been used on, and then look at them individually.

I could use a bit of help with your script though, as I was trying to run it manually and it didn't seem to work. Can you explain what you mean by "an EA"? Am I just meant to take your text and run it as a script and it'll work? I'm also wondering what "/usr/libexec/PlistBuddy" is referencing.

Thanks for any help you can provide.

@nadams An EA is an Extension Attribute, and EAs allow you to add fields to the inventory data for your computers. One of the ways to collect the data for an EA is a script that will run each time the computer checks in with the JSS. You define EAs in the Computer Management - Management Framework settings on your JSS console.

@nadams

/usr/libexec/PlistBuddy

is the binary executable that can interact with .plist files in terminal. so what my script does is read the contents of the .plist stored at

~/Library/Preferences/com.apple.commerce.plist

and makes it something that can be used via script.

@easyedc Is PlistBuddy something that I have to distribute out to all the Macs ahead of time? Nevermind... I see that it's included in the OS.

@easyedc Sorry to keep bothering you about this. I have everything set up, and started receiving my first inventory results. What I'm finding is that only the first account listed in the PLIST file is being reported. Any subsequent accounts are not shown in the inventory view. Any thoughts?

and actually... you sent me down a path. try this

defaults read ~/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}' | sed 's/"//g ; s/;//g'

and clean it up to work for the EA.

#!/bin/bash USR=$(defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName) store=$(/usr/bin/defaults read /Users/$USR/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}') echo "<result>$store</result>" exit 0

@easyedc Thank you so much for your help. This actually worked perfectly to return the accounts. I'm not really concerned that they're separated by a semicolon as well as in quotes for the purposes of this discovery... I might work to clean it up using the other information you posted, but I was under a lot of pressure to get this working immediately.

I will freely admit that I know very little about scripting or really Unix commands in general... grep/awk/sed are basically a foreign language that I need to start learning.

Thank you again!

FWIW I went ahead and cleaned it up for my own uses. Here's what I have

#!/bin/bash
USR=$(defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName)
store=$(/usr/bin/defaults read  /Users/$USR/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}' | sed 's/"//g ; s/;//g')
echo "<result>$store</result>"
exit 0

And now let me throw my hat in the ring:

#!/bin/bash

lastusr=$(/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName);
store=$(/usr/libexec/PlistBuddy -c "Print PrimaryAccount:0:1:identifier" /Users/${lastusr}/Library/Preferences/com.apple.commerce.plist);

echo "<result>${store}</result>"

exit 0

I came up with this variant since reading KnownAccounts instead of PrimaryAccount seemed to get it wrong if a given user had logged in and out of the MAS. Is there a case I'm not thinking of where reading PrimaryAccount wouldn't work?

<pedant mode>Also, I would point out that user home folders aren't always in /Users/ , and EAs should account for this.</pedant mode>