We can use this to get local accounts:
$ dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }'But it returns some system accounts. How do we exclude these (they begin with underscore)?
Thanks,
Don
Solved
dscl command to list local users but exclude system accounts?
+36Best answer by jstrauss
Try:
dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }' | grep -v "_"
Hope this helps!
+9Try:
dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }' | grep -v "_"
Hope this helps!
+36Thanks! Works great! Karl responded over at MacEnterprise.org with another variation:
dscl /Local/Default -list /Users uid | awk '$2 >= 100 && $0 !~ /^_/ { print $1 }'Don
+12Sorry, hit go too quickly. There are already responses. I would however go with mine of Don's, as these explicitly say line starts with an underscore
+31Do you have any accounts on your systems that are not used by the system and have a UID of lower than 500?
+5Does anyone know how to refine this search to show local administrator accounts only?
Or does anyone know the best way to get a report of all machines with local admin accounts on them?
Thanks,
Matt
+31You can try this snip of code @mjohnston
dscl . read /Groups/admin GroupMembershipor
You can run an EA and just check to see if the local account is a member of the admin group every time a device checks in for recon. Example:
#!/bin/bash
currentUser=$(ls -l /dev/console | awk '{ print $3 }')
checkAdmin=$(dseditgroup -o checkmember -m ${currentUser} admin | awk '/yes/ { print $1 }')
if [[ ${checkAdmin} == 'yes' ]]
then echo "<result>admin true</result>"
else echo "<result>admin false</reult>"
fiThe above EA would allow you to build a report in the JSS.
Cheers,
Tom
1 person likes this
+5@tlarkin
Thanks for this info. It's moved me forward in the process.
I had already built a report using an EA but I didn't have the script right and it was returned ALL user accounts.
I assume I have to wait until all machines have checked in with Casper until it can populate? It's early here so only a few machines on.
Is there a way I can force ALL machines to check in or do I just have to be patient?
Thanks a bunch.
Matt
+16It will depend on your JSS settings, but generally, machines should check in as soon as they come online, especially if they haven't been in contact with the JSS for a little while. I would just wait a bit and run some advanced searches using the EA criteria and see what starts showing up. If all looks good, build your Smart Group.
Also, you can look at my post here for a more involved/advanced EA script that will report on all accounts on the Mac and whether they are local or domain as well as admin or standard.
https://jamfnation.jamfsoftware.com/featureRequest.html?id=2065#responseChild10170
Reply
Most helpful members this week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.