Question

Extension Attribute Help

6 years ago
November 20, 2018
2 replies
0 views

+11

coachdnadel
Jamf Heroes
36 replies

I am trying to use a script I found on another thread as an extension attribute to list all admin accounts on my laptops, excluding root and our main local admin account. I can run the script successfully on an idividual computer, but when I use it as an extension attribute, the attribute remains blank on the computer I successfully can run the script on. Anyone see what I'm missing?

#!/bin/sh

# Script to detect if a computer has a local admin account on it with a UID
# above 500

# Don't list these admin accounts
except=('localadmin1' 'root')

# Initialize array
list=()

# generate user list of users with UID greater than 500
for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do
    # Checks to see which usernames are reported as being admins. The
    # check is running dsmemberutil's check membership and listing the
    # accounts that are being reported as admin users. Actual check is
    # for accounts that are NOT not an admin (i.e. not standard users.)
    if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) != *not* ]] &&
           grep -qvFf <(printf '%s
' "${except[@]}") <(echo "${username}")
    then
        # Any reported accounts are added to the array list
        list+=("${username}")
    fi
done

# Prints the array's list contents
echo "<result>${list[@]}</result>"

+16

kendalljjohnson
Valued Contributor
105 replies
6 years ago
November 20, 2018

Not sure what might be going on with yours, but another way of going about it would be to look at the admin membership and then exclude the specific admin users you are aware of. This is the one I use and has worked for a couple years in my environment, just put your own admin accounts in that need to be excluded from the results:

#!/bin/bash

accounts=$(dscl . -read /Groups/admin GroupMembership | tr " " "
" | grep -v "GroupMembership:" | grep -v "root" | grep -v "admin")

echo "<result>$accounts</result>"

+11

coachdnadel
Author
Jamf Heroes
36 replies
6 years ago
November 20, 2018

Thanks for the post @kendalljjohnson That is a much cleaner script, and I will try it out. However, the issue isn't that the script I posted isn't working as expected, its that the extension attribute field in the JSS stays blank even after I update the inventory on a machine that I have successfully run the script on. I'll try substituting your script in my Extension Attribute and see what happens.

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

🎥 Watch: Celebrating Black History Month: Best Practices for Brands

Celebrating Black History Month: Best Practices for Brands

Welcome New Members - February 24th, 2025

Celebrating Black History Month: Best practices for celebrating on social media and beyond

How brands can collaborate with Black creators

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings