Create smart group based on if a machine has a hidden local user account

spowell01
Contributor

Last year I had a policy that created a hidden user account that was used by a single teacher to monitor her students via ARD. As of right now, the policy & script has been removed from our environment and I'm left with a handful of machines out there that have a hidden user called MONITOR. The account is hidden from users and groups, but its home folder is visible. Smart groups based on local user accounts do not seem to work if the account is hidden. Does anyone have a trick to getting machines into a smart group if they have a specific hidden account? Thanks and hope everyone has a great weekend!

4 REPLIES

spowell01
Contributor

So I noticed that under inventory collection I can include hidden system accounts. With that selection enabled, I was able to get machines into the smart group with the hidden admin account. Ideally I wouldn't have to see the 200+ hidden system accounts that reside on our machines by default... a custom script may be the only way to single out a specific hidden local user account.

calumhunter
Valued Contributor

Yep, I'd use an extension attribute to test for the presence of the hidden account and return a true/false, and then create a smart group on that.

mm2270
Legendary Contributor III

If the account is an actual valid account that was used and not just an orphaned home folder, then no matter how hidden it is, it will show up in dscl. Dscl sees everything, even if the home folder is tucked away in /private/var/.
Further, if the account's UID is below 501, then you should be able to easily generate a list of sub-501 accounts and grep for "MONITOR":

#!/bin/bash

# List local accounts whose UID is below 501 (the hidden/system range), then
# look for an exact, case-insensitive match on the short name "MONITOR".
if dscl . list /Users UniqueID | awk '$2 < 501 {print $1}' | grep -qi "^MONITOR$"; then
      echo "<result>Present</result>"
else
      echo "<result>Not Present</result>"
fi

Note that above in the grep I enclosed the name with ^ and $ to indicate start and end of line. The reason is, there's always a possibility of other sub-501 accounts native on the Mac that would have the term "monitor" in them somewhere, so making sure the whole name is "monitor" will avoid false positives. Also, I assume the uppercase "MONITOR" is the regular full name and not the short name, since those don't usually have any upper case in them, so I threw in the -i flag to make grep do case-insensitive matching.
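As an added example (not code from this thread, from Jamf, or from either poster), the extension attribute below generalizes the approach calumhunter and mm2270 describe: it drops the UID-below-501 assumption so the account is found whatever UID it was created with, matches the short name exactly and case-insensitively, and distinguishes the "orphaned home folder" case mm2270 mentions from a real account. The detection logic reads the `dscl . list /Users UniqueID` listing from stdin, so it can be exercised with the constructed sample listing embedded in the script on any machine; only when `dscl` is actually present does it query Directory Services. The account name, the `/Users` base path and the sample listing are assumptions for illustration.

```shell
#!/bin/sh
# Added example: Jamf extension attribute that reports whether a specific
# local account exists, using dscl so hidden accounts are still found.

TARGET_ACCOUNT="MONITOR"   # short name to look for (assumed; thread's example)

# Constructed sample in the "shortname uid" format that
# `dscl . list /Users UniqueID` prints; used only for offline testing.
SAMPLE_LISTING='_mbsetupuser 248
monitor 499
jdoe 501'

# find_account NAME   (listing on stdin)
# Prints "shortname uid" of the first exact, case-insensitive match and
# returns 0; prints nothing and returns 1 when the account is absent.
find_account() {
    awk -v want="$1" '
        tolower($1) == tolower(want) { print $1, $2; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# ea_result NAME [HOME_BASE]   (listing on stdin)
# Emits the Jamf <result> tag. A directory under HOME_BASE (default /Users)
# with no matching account is reported as an orphaned home folder, which is
# not the same thing as a live hidden account.
ea_result() {
    local match base
    base="${2:-/Users}"
    if match=$(find_account "$1"); then
        echo "<result>Present (uid ${match#* })</result>"
    elif [ -d "$base/$1" ]; then
        echo "<result>Orphaned home folder</result>"
    else
        echo "<result>Not Present</result>"
    fi
}

# Real run: only on a Mac where dscl exists (Jamf runs EAs as root).
if command -v dscl >/dev/null 2>&1; then
    dscl . list /Users UniqueID | ea_result "$TARGET_ACCOUNT"
fi
```

Because the result string carries the UID, a smart group can key on "Present" while the EA history still shows which UID range the stray account landed in; an "Orphaned home folder" result is a candidate for cleanup rather than for the smart group.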

spowell01
Contributor

Thanks for the comment CalumHunter, and the custom extension attribute mm2270!

Your assumptions were correct mm, I went ahead and loaded the EA into our JSS and it's exactly what I was looking for.

Cheers for the awesome quick response!