- Jamf Nation Community
- Products
- Jamf Pro
- Extension Attrubue Help- Disable “Allow guests to ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 02:34 PM
I have created a custom MCX to set:
Apply setting to: System Level Enforced
Domain: /Library/Preferences/com.apple.smb.server
Key: AllowGuestAccess
Value: false
I am unable to come up with the appropriate command line that will check this value:
I have tried many variations of both "dscl . mcxread" and "defaults read" but I seem to be missing the correct structure for the command. can someone jump in and point me in the right direction? Please!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 03:53 PM
Just some questions. Why the in front of AllowGuestAccess in your script? I don't understand why that would be needed. When using defaults to read that back you shouldn't need to escape that. Or am I the one missing something?
Also, why do you need to check what it finds against a desired value in the EA itself? The Extension Attribute should simply be returning a result, which you can then use to create Smart Groups to take some action, like dropping a machine into scope of your MCX setting. Its not like you'd be looking for the script in the EA to take some action on the machine if it doesn't find the desired value. It really just plugs a value into the db. Taking an action is what a policy would be for.
Does something simpler like this work?
#!/bin/sh
GuestAccess=`/usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess 2> /dev/null`
echo $GuestAccess
if [[ $GuestAccess == 0 ]]; then
echo "<results>Disabled</result>"
elif [[ $GuestAccess == 1 ]]; then
echo "<result>Not Disabled</result>"
elif [[ $GuestAccess == "" ]]; then
echo "<result>Unknown</result>"
fiForgive me if I'm overlooking something.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 03:04 PM
Why not just
/usr/bin/defaults read /Library/Preferences/com.apple.smb.server AllowGuestAccessWhen I set the value to false with defaults and read it back I get 0, which is the correct value returned for a false setting. Even though you use human readable words when setting it, reading it back displays a value of 0 or 1 (false or true)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 03:14 PM
your suggestion works in the command line and returns 0, So I have thisas my EA script and it returns:
Fail (/usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess).
I am missing something easy here! I just know it.
#!/bin/sh
desiredValue="0"
result=""
tmpResult= /usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess
if [ "$tmpResult" == "1" ]; then
result="true"
else
if [ "$tmpResult" == "0" ]; then
result="false"
else
if [ "$tmpResult" == "" ]; then
result="Domain or Key Not Found"
else
result="$tmpResult"
fi
fi
fi
if [ "$result" == "$desiredValue" ]; then
echo "<result>Pass ($result)</result>"
else
echo "<result>Fail ($result)</result>"
fi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 03:18 PM
@mm2270
I actually had to change the path in the example above
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 03:53 PM
Just some questions. Why the in front of AllowGuestAccess in your script? I don't understand why that would be needed. When using defaults to read that back you shouldn't need to escape that. Or am I the one missing something?
Also, why do you need to check what it finds against a desired value in the EA itself? The Extension Attribute should simply be returning a result, which you can then use to create Smart Groups to take some action, like dropping a machine into scope of your MCX setting. Its not like you'd be looking for the script in the EA to take some action on the machine if it doesn't find the desired value. It really just plugs a value into the db. Taking an action is what a policy would be for.
Does something simpler like this work?
#!/bin/sh
GuestAccess=`/usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess 2> /dev/null`
echo $GuestAccess
if [[ $GuestAccess == 0 ]]; then
echo "<results>Disabled</result>"
elif [[ $GuestAccess == 1 ]]; then
echo "<result>Not Disabled</result>"
elif [[ $GuestAccess == "" ]]; then
echo "<result>Unknown</result>"
fiForgive me if I'm overlooking something.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-01-2012 06:38 PM
To test the output of the previous command in bash, you can use `echo $?`
for example:
bash-3.2$ dscl . list /Users | grep tlarkin
tlarkin
bash-3.2$ echo $?
0Returning zero means it exited with no errors
bash-3.2$ dscl . list /Users | grep conanthebarbarian
bash-3.2$ echo $?
1The last command failed, so it had an exit status of 1. You can use that to see if a command returns a proper exit status or not.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-03-2012 11:44 AM
Thanks So much to everyone , I have learned a lot!
