Posted on 12-03-2012 09:31 AM
So... My predecessor had the bright idea to give our users permanent admin privileges when they "called the help desk way too much"...
Does anyone have a method of searching for admin users that are NOT the admin users that all imaged Macs come with?
If no one has a way, I think I'll put through a feature request. Something along the lines of this as far as searchable options:
Computer has admin account (is/is like/not/not like) "Search Field"
Posted on 12-03-2012 09:58 AM
Ryan (@rmanly) wrote up a little EA that could do this in this post:
Posted on 12-03-2012 10:16 AM
I just tried the EA that @rmanly posted in that article and had problems with it. I took out the "! *not*" in the if/then statement, and it seemed to work. Here's the changed script:
#!/bin/bash
list=()
for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1}'); do
    # if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) ! *not* ]]; then
    if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) ]]; then
        list+=("${username}")
    fi
done
printf "%s " "<result>${list[@]}</result>"
echo
Obviously, test, test, test before deploying.
Posted on 12-03-2012 02:25 PM
Unfortunately the script is producing false positives for me. Their user appears in the EA field, but when I go to the Local User Accounts section I see that those users are not admins. I'll have to dig a little deeper and see if these users are part of the admin group, but not official admins.
Posted on 12-03-2012 05:11 PM
write a script around dscl . -read /Groups/admin GroupMembership, grepping out known accounts...just an idea
LS
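
An added example, not part of any post in this thread: an extension attribute that matches on the text of the `dsmemberutil` reply (both the "is a member" and "is not a member" replies are non-empty, so testing only for output matches every user) and then drops the accounts you expect to be admins. The `KNOWN_ADMINS` values and the function names are assumptions for illustration; substitute the admin accounts your image creates.

```shell
#!/bin/bash
# Added example, not from the thread.
# KNOWN_ADMINS is a placeholder list: replace it with the admin
# accounts that your imaged Macs are supposed to have.
KNOWN_ADMINS="root localadmin"

# Succeeds only for the positive dsmemberutil reply.
# The negative reply is checked first because both replies share
# most of their wording; errors and empty output count as "not admin".
is_member_output() {
    case "$1" in
        *"is not a member"*) return 1 ;;
        *"is a member"*)     return 0 ;;
        *)                   return 1 ;;
    esac
}

# Print the names in "$1" (space-separated) that are not in KNOWN_ADMINS.
unexpected_admins() {
    local out="" name
    for name in $1; do
        case " $KNOWN_ADMINS " in
            *" $name "*) ;;                      # expected admin, skip
            *) out="${out:+$out }$name" ;;       # unexpected, keep
        esac
    done
    printf '%s' "$out"
}

# Only query the directory where the macOS tools exist.
if command -v dsmemberutil >/dev/null 2>&1; then
    admins=""
    # Same account selection as the script in the thread: UniqueID > 500.
    for u in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do
        reply=$(dsmemberutil checkmembership -U "$u" -G admin)
        if is_member_output "$reply"; then
            admins="${admins:+$admins }$u"
        fi
    done
    echo "<result>$(unexpected_admins "$admins")</result>"
fi
```

An empty `<result>` means every admin found is on the expected list, so a smart group on "is not" empty picks out the machines that need attention.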