Help

Extension attribute for reading preferences

_aDiedericks
Contributor

Posted on ‎02-22-2024 05:19 AM

Hi there,

I've been trying to get an extension attribute read to push the the following changes using a policy:

/usr/bin/security authorizationdb write system.preferences.network allow
/usr/bin/security authorizationdb write system.services.systemconfiguration.network allow
/usr/bin/security authorizationdb write com.apple.wifi allow

For example how would I read 'system.preferences.network' and report if it is not in 'allow' state? This is to scope a policy that will push the above to devices reporting 'system.preferences.network' to not be in 'allow' state.

0 Kudos
1 REPLY 1

mm2270
Legendary Contributor III

Posted on ‎02-22-2024 04:08 PM

For starters, change write to read.

/usr/bin/security authorizationdb read system.preferences.network

Drop the allow from the first command when reading back the preferences. 

There will need to be some additional scripting to read back the values. You could also send the results out to a plist file for easier parsing.

/usr/bin/security -q authorizationdb read system.preferences.network > /tmp/system.preferences.network.plist

Note the addition of -q to the security command (quiet), which suppresses some output that doesn't belong in a plist file. Then you can easily read back the settings using defaults.

/usr/bin/defaults read /tmp/system.preferences.network.plist

From there, use grep or something to see if the setting you're interested in is present in the plist. If it's there in the plist, then the setting is applied to that preference.