Posted on 11-08-2018 07:47 AM
I'm thinking of writing a script to control whether a user is an admin on their system or not. Some checks to make that determination:
1) Does this person have an AD account (even if we don't bind, I want to not run the script for just local test/service accounts)
2) Is the logged in user the one assigned to the device in the Jamf server (this is to ensure they don't get Admin on any machine they log into, just their assigned devices)
3) Is the user a member of either an "Admins" AD group or a Jamf Static User group of Admins.
If all is true, then make them an admin, if not, then change them to standard.
Does anyone have an existing script like this, or know a better way? Or if not, does anyone have a way to get if a logged in user is also the user assigned on the device in the Jamf server? I'm assuming this has to go through the API, but didn't know if there was a better way.
Thanks
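The three checks from the question above, sketched as an added example (not any poster's script and not code from the linked repository). Function names are hypothetical, the AD-account and admin-group lookups are assumed to be done elsewhere and passed in as 0/1 flags, the XML is a constructed sample of a Jamf Classic API location subset, and comparing usernames case-insensitively is an assumption. Check 1 is treated as a gate: accounts without an AD account are left untouched, and every failed or empty lookup ends in "standard", never "admin".

```shell
#!/bin/bash
# Added example: fail-closed role decision for the three checks in the post.

# Pull <username> out of a Jamf Classic API response for
# GET /JSSResource/computers/serialnumber/<serial>/subset/location
assigned_user_from_xml() {
  printf '%s' "$1" | sed -n 's:.*<username>\([^<]*\)</username>.*:\1:p' | head -n 1
}

# Assumption: short names are compared case-insensitively.
normalize_user() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
}

# decide_role <console_user> <assigned_user> <has_ad_account 0|1> <in_admin_group 0|1>
# Prints one of: skip | standard | admin
decide_role() {
  local console assigned
  console=$(normalize_user "$1")
  assigned=$(normalize_user "$2")
  # Nobody real at the console (login window, Setup Assistant, root): do nothing.
  case "$console" in
    ""|root|loginwindow|_mbsetupuser) echo skip; return ;;
  esac
  # Check 1: local test/service accounts are left exactly as they are.
  [ "$3" = "1" ] || { echo skip; return; }
  # Check 2: an empty API answer must never match; mismatch means standard.
  [ -n "$assigned" ] || { echo standard; return; }
  [ "$console" = "$assigned" ] || { echo standard; return; }
  # Check 3: group membership flag must be explicitly 1.
  [ "$4" = "1" ] || { echo standard; return; }
  echo admin
}

# Apply the decision on macOS with the stock dseditgroup tool.
apply_role() {  # apply_role <user> <skip|standard|admin>
  case "$2" in
    admin)    dseditgroup -o edit -a "$1" -t user admin ;;
    standard) dseditgroup -o edit -d "$1" -t user admin ;;
    *)        : ;;  # skip: leave the account untouched
  esac
}

# Constructed sample response, not output from a real Jamf server.
SAMPLE_XML='<computer><location><username>JDoe</username></location></computer>'
```
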
Posted on 11-08-2018 08:17 AM
We do something a little different to match what happens on Windows, this might get you in the right direction.
https://github.com/UoE-macOS/jss/blob/master/coreconfig-admin-from-ad-group.sh
Posted on 11-08-2018 08:48 AM
NoMAD Login can accomplish this relatively easily.