Create local user account

KyleEricson
Valued Contributor II

I have DEP set up with JAMF, and instead of going through System Preferences I want a policy via Self Service to create a new local admin user with a popup GUI for the deployment team. How can I do this?

Read My Blog: https://www.ericsontech.com
3 REPLIES

m_donovan
Contributor III

Here is a script that I use to create mobile accounts for our users. You could modify it to accomplish what you need. I am sure there are plenty of other ways to do this but this should get you started.

#!/bin/bash

## Check for district icon
file=$(find "/Library/Application Support/JAMF/bin/KISDColorseal.png" 2>/dev/null)
if [ -n "$file" ]
then
    useIcon="/Library/Application Support/JAMF/bin/KISDColorseal.png"
    #echo "found"
else
    useIcon=/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns
    #echo "not found"
fi

while true
do
userAdmin=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter a username/e-Number or select Cancel." default answer "e012345"' -e 'text returned of result' 2>/dev/null)
    if [ "$?" -ne 0 ]     
    then # user cancel
        exit 1
    elif [ -z "$userAdmin" ]
    then # loop until input or cancel
        /usr/bin/osascript -e 'Tell application "System Events" to display alert "Please enter a username or select Cancel... Thanks!" as warning'
    else # user input
        break
    fi
done

## Check if the user is a member of staff AD group
result=$(dsmemberutil checkmembership -U "$userAdmin" -g 123456789)
compare="user is a member of the group"

if [ "$result" = "$compare" ]; then

    echo "Create Mobile Account"
    /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n "$userAdmin"
    sleep 2
    echo "Make User an Admin"
    /usr/sbin/dseditgroup -o edit -a "$userAdmin" -t user admin
    sleep 2

    "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" \
    -windowType utility \
    -title "KISD Mac Systems Admin" \
    -heading "Admin Assignment Complete" \
    -description "$userAdmin has been made an administrator of this computer." \
    -icon "$useIcon" \
    -iconSize 110 \
    -button1 "Okay" -defaultButton 1

else

    ### If the user is not a member of the staff AD group exit
    echo "User is NOT staff"

    "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" \
    -windowType utility \
    -title "KISD Mac Systems Admin" \
    -heading "Not a Staff member" \
    -description "$userAdmin is not a staff member." \
    -icon "$useIcon" \
    -iconSize 110 \
    -button1 "Okay" -defaultButton 1

    exit 2
fi

exit 0

KyleEricson
Valued Contributor II

This fails to run.
This is the error:
Script result: 2018-03-29 09:00:06.478 sysadminctl[8590:51168] Failed to authenticate with SystemAdministration framework.

I have tried sysadminctl with and without sudo.

#!/bin/sh
fullname=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the users First & Last name or select Cancel." default answer "John Doe"' -e 'text returned of result' 2>/dev/null)

username=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the username or select Cancel." default answer "johdoe"' -e 'text returned of result' 2>/dev/null)

#Create user account
sudo /usr/sbin/sysadminctl -addUser "$username" -fullName "$fullname" -password userpass -admin

KyleEricson
Valued Contributor II

Never mind, found it:

When running sysadminctl on 10.13, the admin user and password need to be passed to sysadminctl in addition to the -addUser options.

Changes to the sysadminctl command can be seen in the usage output on each OS:

Is there a way to place the JAMF Management account username and password in this string?

#!/bin/sh

/usr/sbin/sysadminctl -addUser "$username" -fullName "$fullname" -password userpass -admin -adminUser CoolAdmin -adminPassword superpass
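
The last post asks how to supply the admin account and password to sysadminctl. One way to do that without hardcoding them in the script body, as an added example (not code from any poster in this thread): it assumes the credentials arrive as Jamf script parameters $4 and $5, and the helper names valid_shortname, redact_args, add_admin_user and prompt are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. ASSUMPTION: the Jamf policy passes
# the existing admin's name and password as script parameters $4 and $5.
LC_ALL=C; export LC_ALL   # make the a-z ranges below byte-exact

# Assumed short-name policy: lowercase letter or "_" first, then [a-z0-9_.-],
# 31 characters at most. Rejects empty input, whitespace and a leading "-".
valid_shortname() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Print args with the values after -password/-adminPassword masked for logs.
redact_args() (
    out="" mask=0
    for a in "$@"; do
        if [ "$mask" -eq 1 ]; then a='****'; mask=0
        else case "$a" in -password|-adminPassword) mask=1 ;; esac
        fi
        out="${out:+$out }$a"
    done
    printf '%s\n' "$out"
)

# Usage: add_admin_user <shortname> <fullname> <newpass> <adminUser> <adminPass>
add_admin_user() {
    valid_shortname "$1" || { echo "Rejected username" >&2; return 1; }
    [ -n "$4" ] && [ -n "$5" ] || { echo "Missing admin credentials" >&2; return 2; }
    set -- -addUser "$1" -fullName "$2" -password "$3" -admin \
           -adminUser "$4" -adminPassword "$5"
    echo "Running: sysadminctl $(redact_args "$@")"
    # The real values are still visible in the process list while this runs.
    /usr/sbin/sysadminctl "$@"
}

# Show a dialog with fixed text ($1) and optional extra AppleScript ($2).
prompt() {
    /usr/bin/osascript -e "Tell application \"System Events\" to display dialog \"$1\" default answer \"\" $2" -e 'text returned of result' 2>/dev/null
}

# Run only on a Mac, and only when the policy supplied parameter 4.
if [ -x /usr/sbin/sysadminctl ] && [ -n "$4" ]; then
    username=$(prompt "Please enter the username or select Cancel.") || exit 1
    fullname=$(prompt "Please enter the user's first and last name.") || exit 1
    newpass=$(prompt "Set a password for the new account." "with hidden answer") || exit 1
    add_admin_user "$username" "$fullname" "$newpass" "$4" "$5"
fi
```

The new account's password is asked for in a hidden-answer dialog instead of the fixed userpass used in the thread, and the policy log only ever shows the masked command line.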