Two issues I have.
1. The newly created user is not added to FileVault 2. Can I do a fdesetup -add -usertoadd to fix this
2. My verification to see if the user is enabled for FileVault 2 doesn't seem to do anything.
Ideas?
#!/bin/bash
if [ "$IS_LAPTOP" != "" ]; then
#username=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the domain username or select Cancel." default answer "johdoe"' -e 'text returned of result' 2>/dev/null)
username=$(/usr/sbin/scutil --get ComputerName | cut -d- -f1)
#Create AD mobile account
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $username -D
#Make Admin
/usr/sbin/dseditgroup -o edit -a "$username" -t user admin
#Disable parental controls
sudo dscl . -mcxdelete /Users/$username
sudo rm -rf /Library/Managed Preferences/$username
user_password=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the domain user password or select Cancel." default answer "Acemfg1"' -e 'text returned of result' 2>/dev/null)
sysadminctl "$username" -password "$user_password" -secureTokenOn -adminUser "Administrator" -adminPassword "adminpassword"
# "Message"
function error() {
osascript <<EOT
tell app "System Events"
display dialog "$1" buttons {"OK"} default button 1 with icon caution with title "Important Info"
return -- Suppress result
end tell
EOT
}
error "$username account has been created. Update user and location info in JAMF console @ https://acemfg.jamfcloud.com"
# Did we succeed?
if fdesetup list | grep -q ${username}
then
echo "Successs!"
error "Success FileVault is enabled for $fullname"
#/usr/local/bin/jamf policy -event azurereg
exit 0
else
echo "Failed :("
error "Failed FileVault is not enabled for $fullname open System Preferences->Security & Privacy->FileVault to fix"
exit 1
fi
else
username=$(/usr/sbin/scutil --get ComputerName | cut -d- -f1)
#Create AD mobile account
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $username -D
#Make Admin
/usr/sbin/dseditgroup -o edit -a "$username" -t user admin
#Disable parental controls
sudo dscl . -mcxdelete /Users/$username
sudo rm -rf /Library/Managed Preferences/$username
user_password=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the domain user password or select Cancel." default answer "Acemfg1"' -e 'text returned of result' 2>/dev/null)
#/usr/local/bin/jamf policy -event azurereg
# "Message"
function error() {
osascript <<EOT
tell app "System Events"
display dialog "$1" buttons {"OK"} default button 1 with icon caution with title "Important Info"
return -- Suppress result
end tell
EOT
}
error "$username account has been created. Update user and location info in JAMF console @ https://acemfg.jamfcloud.com"
exit 0
fi
Read My Blog: https://www.ericsontech.com
