Skip to main content
Question

App Store Extension Attribute

  • January 18, 2017
  • 4 replies
  • 38 views
S
Forum|alt.badge.img+3

Hey all,

There used to be a plist file called "com.apple.storeagent.plist" in a user's library that you could pull a currently logged in apple ID in the app store from. It looks like that file doesn't exist anymore, so I was hoping there was another way to find out what apple ID a user is logged into in the App Store via a command/extension attribute.

Any ideas? Thanks!

    4 replies

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • January 18, 2017

    There is a way, but it involves using a binary that you'd need to deploy to your Macs. Its called "mas" (for "Mac App Store") and it can be found here: https://github.com/mas-cli/mas It allows you to run a simple command to see what account is logged into the Mac App Store, but more than just that. Take a look at it and see if it will solve your issue.

      emily
      Forum|alt.badge.img+26
      • emily
      • Hall of Fame
      • January 18, 2017

      I was actually just asking about this on the #jamfnation channel in the MacAdmins Slack. Looks like it's the primary account in ~/Library/Preferences/com.apple.commerce.plist.

      So something like this:
      /usr/libexec/PlistBuddy -c "Print :PrimaryAccount:0:1:identifier" /Users/$LOGGED_IN_USER/Library/Preferences/com.apple.commerce.plist
      would spit out an Apple ID (you'd need to establish the LOGGED_IN_USER).

      I've done some poking around on a VM using Composer to see what files are modified on sign-in/sign-out and it seems like the com.apple.commerce.plist route is the most consistent. But YMMV.

      ekw | jamf @ jamf
        S
        Forum|alt.badge.img+1
        • SegalCo
        • New Contributor
        • April 10, 2018

        Here's one based on @emily's suggestion. Appears to be working on 10.12.6 and 10.13.4.

        #!/bin/bash

loggedInMacUser=$(/usr/bin/stat -f%Su /dev/console)

if [ -e "/Users/$loggedInMacUser/Library/Preferences/com.apple.commerce.plist" ]; then

    primaryAccountIdentifier=$(/usr/libexec/PlistBuddy -c "Print :PrimaryAccount:0:1:identifier" "/Users/$loggedInMacUser/Library/Preferences/com.apple.commerce.plist" 2>&1)

    result=$?

    if [ "$result" -eq 1 ]; then

        echo "<result>$primaryAccountIdentifier</result>"

    elif [ "$result" -eq 0 ]; then

        echo "<result>$primaryAccountIdentifier</result>"

    fi

else

    echo "<result>No PList to check</result>"

fi

        Stderr is redirected in the event the entry is not in the plist (which appears to occur when not signed in). Thinking that output is more useful than an empty or null value.

        L
        Forum|alt.badge.img+16
        • Look
        • Valued Contributor
        • April 10, 2018

        If your making it as an AE and wanting it to always be populated with the most recently used ID you might want to scrape through all users for the most recently modified one that contains an ID. Otherwise anytime there was an inventory update with no one logged in it would return empty.

        Terms & ConditionsCookie settingsAccessibility statement