Find unauthorized Admins

UESCDurandal
Contributor II

So... My predecessor had the bright idea to give our users permanent admin privileges when they "called the help desk way too much"...

Does anyone have a method of searching for admin users that are NOT the admin users that all imaged Macs come with?

If no one has a way, I think I'll put through a feature request. Something along the lines of this as far as searchable options:

Computer has admin account (is/is like/not/not like) "Search Field"

4 REPLIES

stevewood
Honored Contributor II

Ryan (@rmanly) wrote up a little EA that could do this in this post:

https://jamfnation.jamfsoftware.com/discussion.html?id=3506

stevewood
Honored Contributor II

I just tried the EA that @rmanly posted in that article and had problems with it. I took out the "! *not*" in the if/then statement, and it seemed to work. Here's the changed script:

#!/bin/bash

list=()

# Walk every local account with a UID above 500 (the typical cut-off for
# real user accounts) and keep the ones that resolve as admin-group members.
for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1}'); do
    # dsmemberutil prints "user X is a member of the group" or
    # "user X is not a member of the group" and exits 0 in both cases, so the
    # output has to be matched against the "not" wording; simply testing that
    # it is non-empty is true for every user. The original "! *not*" form below
    # is not valid [[ ]] syntax and is kept only for reference.
    #   if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) ! *not* ]]; then
    if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) != *"is not a member"* ]]; then
        list+=("${username}")
    fi
done

# Emit the space-separated list in the <result> tags Jamf expects for an EA.
printf '<result>%s</result>\n' "${list[*]}"

Obviously, test, test, test before deploying.

UESCDurandal
Contributor II

Unfortunately the script is producing false positives for me. Their user appears in the EA field, but when I go to the Local User Accounts section I see that those users are not admins. I'll have to dig a little deeper and see if these users are part of the admin group, but not official admins.

Nix4Life
Valued Contributor

Write a script around dscl . -read /Groups/admin GroupMembership, grepping out known accounts... just an idea.

LS
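One way to build the EA Nix4Life describes, as an added example that is not from the thread or from any of the posters: read the local admin group's membership, drop the accounts every imaged Mac is expected to carry, and report whatever is left. The account names in KNOWN_ADMINS and the constructed sample listing are assumptions for illustration; the only real commands used are dscl and the standard shell tools.

```bash
#!/bin/bash
# Added example (not from the thread): list members of the local admin group
# that are not on a known-good list and emit the remainder as a Jamf EA value.
# The names in KNOWN_ADMINS are assumptions; replace them with the admin
# accounts your image actually ships with.

KNOWN_ADMINS="root localadmin jamfadmin"

# unexpected_admins KNOWN LISTING
#   KNOWN   - space-separated allow-list of expected admin short names
#   LISTING - raw output of: dscl . -read /Groups/admin GroupMembership
# Prints one short name per line for each direct admin-group member not in KNOWN.
unexpected_admins() {
    local known="$1" listing="$2" name
    # Keep only the GroupMembership line and strip the attribute label; the
    # remaining words are member short names (word splitting is intended).
    for name in $(printf '%s\n' "$listing" | sed -n 's/^GroupMembership: *//p'); do
        case " $known " in
            *" $name "*) ;;                 # expected admin, skip it
            *) printf '%s\n' "$name" ;;     # not on the list, report it
        esac
    done
}

# ea_result NAMES
#   Wraps a space-separated list in the <result> tags Jamf expects; "none" if empty.
ea_result() {
    if [ -z "$1" ]; then
        printf '<result>none</result>\n'
    else
        printf '<result>%s</result>\n' "$1"
    fi
}

# Constructed sample listing (not real data) so the script runs off a Mac too.
SAMPLE_LISTING='GroupMembership: root localadmin alice bob'

main() {
    local listing extras
    if command -v dscl >/dev/null 2>&1; then
        listing=$(dscl . -read /Groups/admin GroupMembership)
    else
        listing="$SAMPLE_LISTING"
    fi
    # Join the reported names with single spaces for the EA field.
    extras=$(unexpected_admins "$KNOWN_ADMINS" "$listing" | tr '\n' ' ' | sed 's/ *$//')
    ea_result "$extras"
}

main
```

Two caveats worth keeping in mind. GroupMembership lists only direct members, so an account that is an admin through a nested group (for example a directory group mapped into admin) will not show up here; for a per-user check that resolves nesting, dsmemberutil checkmembership or dseditgroup -o checkmember -m "$user" admin is the better tool. Conversely, this approach does catch low-UID and hidden accounts that a UID-above-500 loop skips, which is exactly the kind of account a previous admin might have left behind.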