Extension Attribute to report if Screen Time is enabled?

GabeShack
Valued Contributor III

Hey all,

We found that some of the parental controls from screen time on our MacBooks cause issues with test loading in TestNav and we have to disable them.  Im now trying to create an extension attribute to show if the user has screen time enabled so we can send a message to these specific students and parents.

During covid we provided instructions for parents to enable screen time on their kids devices, but now have to send messaging out to have them disable it for the tests.

Anyone have any suggestions?

Gabe Shackney
Princeton Public Schools
2 ACCEPTED SOLUTIONS

GabeShack
Valued Contributor III

@mm2270 Apparently I can't edit my post above so this should be the correction with the current user....i just want to see if there is a way it can fail out if maybe either root or no user is logged in so that it doesn't put anything into the field, but that also makes me wonder if this runs when no one is logged in if it will then overwrite the previous data that the extension attribute grabbed maybe when someone was logged in previously....hmmm...

 

 

#!/bin/zsh
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
ScreentimeOn=$( defaults read /Users/$currentUser/Library/Containers/com.apple.ScreenTimeAgent/Data/Library/Preferences/com.apple.ScreenTimeAgent.plist UsageGenesisDate )
 if [ -z "$ScreentimeOn" ]; then
    echo "<result>Screentime Disabled</result>"
    else  
    echo "<result>Screentime Enabled</result>"
    fi
exit 0

 

 

Gabe Shackney
Princeton Public Schools

View solution in original post

mm2270
Legendary Contributor III

Hey @GabeShack Add a line where you can check if the currentUser matches some known values, and if so, exit or just send back a "Unknown" as the result.

 

 

if [[ "$currentUser" = "root" || "$currentUser" = "admin" ]]; then
    result="Unknown"
else
    ScreentimeOn=$( defaults read /Users/$currentUser/Library/Containers/com.apple.ScreenTimeAgent/Data/Library/Preferences/com.apple.ScreenTimeAgent.plist UsageGenesisDate )
    if [ -z "$ScreentimeOn" ]; then
        result="Screentime Disabled"
    else  
        result="Screentime Enabled"
    fi
fi

echo "<result>$result</result>"

exit 0

 

In terms of it overwriting any previous EA result, yes it will do that. The only way to preserve a previous value I'm aware of is to write the last result into a local file/plist somewhere on the device, and then in that first if/then test if a user is not logged in, just grab the value from the plist from last run and use that as the result instead.

 

View solution in original post

9 REPLIES 9

GabeShack
Valued Contributor III

so i found the plist that shows if screen time is enabled:

~/Library/Containers/com.apple.ScreenTimeAgent/Data/Library/Preferences/com.apple.ScreenTimeAgent.plist

there is a UsageGenesisDate key that is created if screen time is on.  Now i just need script to see if this is there or not.

Gabe Shackney
Princeton Public Schools

GabeShack
Valued Contributor III

so here is the ea i came up with to show if screen time is on or off:

#!/bin/zsh

ScreentimeOn=$( defaults read ~/Library/Containers/com.apple.ScreenTimeAgent/Data/Library/Preferences/com.apple.ScreenTimeAgent.plist UsageGenesisDate )
 if [ -z "$ScreentimeOn" ]; then
    echo "<result>Screentime Disabled</result>"
    else 
#if its not blank print the result  
    echo "<result>Screentime Enabled</result>"
    fi
exit 0
Gabe Shackney
Princeton Public Schools

mm2270
Legendary Contributor III

Hey @GabeShack is that EA giving you the results you expect? Because you're using the ~ shortcut to the current user's home directory. but if the EA script is running as root as I would expect, it's going to be looking for the plist in /private/var/root, not whoever is using the Mac and would have that ScreenTime setting enabled.

You might need to adjust it to capture the logged in user and look in their home directory, or loop over all existing homes or something like that.

GabeShack
Valued Contributor III

@mm2270what if i want it to exit with out with no results if no user is logged in?

Gabe Shackney
Princeton Public Schools

GabeShack
Valued Contributor III

Right. lol.  We are knee deep in testing so im running on empty....good catch.

Gabe Shackney
Princeton Public Schools

GabeShack
Valued Contributor III

@mm2270 Apparently I can't edit my post above so this should be the correction with the current user....i just want to see if there is a way it can fail out if maybe either root or no user is logged in so that it doesn't put anything into the field, but that also makes me wonder if this runs when no one is logged in if it will then overwrite the previous data that the extension attribute grabbed maybe when someone was logged in previously....hmmm...

 

 

#!/bin/zsh
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
ScreentimeOn=$( defaults read /Users/$currentUser/Library/Containers/com.apple.ScreenTimeAgent/Data/Library/Preferences/com.apple.ScreenTimeAgent.plist UsageGenesisDate )
 if [ -z "$ScreentimeOn" ]; then
    echo "<result>Screentime Disabled</result>"
    else  
    echo "<result>Screentime Enabled</result>"
    fi
exit 0

 

 

Gabe Shackney
Princeton Public Schools

mm2270
Legendary Contributor III

Hey @GabeShack Add a line where you can check if the currentUser matches some known values, and if so, exit or just send back a "Unknown" as the result.

 

 

if [[ "$currentUser" = "root" || "$currentUser" = "admin" ]]; then
    result="Unknown"
else
    ScreentimeOn=$( defaults read /Users/$currentUser/Library/Containers/com.apple.ScreenTimeAgent/Data/Library/Preferences/com.apple.ScreenTimeAgent.plist UsageGenesisDate )
    if [ -z "$ScreentimeOn" ]; then
        result="Screentime Disabled"
    else  
        result="Screentime Enabled"
    fi
fi

echo "<result>$result</result>"

exit 0

 

In terms of it overwriting any previous EA result, yes it will do that. The only way to preserve a previous value I'm aware of is to write the last result into a local file/plist somewhere on the device, and then in that first if/then test if a user is not logged in, just grab the value from the plist from last run and use that as the result instead.

 

GabeShack
Valued Contributor III

Thanks!  It seems to only be running currently on logged in devices and seems to be returning the results im looking for.

 

Gabe Shackney
Princeton Public Schools

mm2270
Legendary Contributor III

Well, that kind of makes sense, if someone needs to be logged in for it to have a network connection to connect to Jamf Pro. I assume maybe that's the case.