Is it possible to run a report on all machines that shows when a user account was first created or logged in to

dthompson
New Contributor

We're trying to automate a system that will alert us when a machine is up for refresh. This should normally happen either 2 or 3 years after a machine was deployed to a user. It doesn't have to be exact, a week or 2 outside of that would be fine. I thought that a report for all laptops, the user account associated with it and the date it was either created or first logged in to would be ideal. However I can't seem to run a report on historical, dated, information.

Is it possible at all?

Thanks.


mm2270
Legendary Contributor III

If you mean running a report on anything that shows up under the History tab in a JSS Computer record, the answer is no, you can't run reports on any of that, unfortunately. However, all is not lost.
I imagine if all you really need is the creation date of the primary account on the Mac, you could build a script, run as either an Extension Attribute, or just from a standalone policy that can write the results into a local file, that would grab the creation date of the account. From there, if it's collected as an EA value, you'll be able to set up a report showing those dates.

Here's an example of what I mean. Say I have an account on the Mac named "mm2270" which is either just a local account or directory based (AD cached mobile, for example). The following line will convert the st_birthtime value from stat into a regular readable date format (YYYY-MM-DD HH:MM:SS)

date -jf "%s" $(stat -s /Users/mm2270 | tr ' ' '\n' | awk -F'=' '/st_birthtime/{print $NF}') +"%Y-%m-%d %T"

This might output something like:

2014-09-26 10:28:24

Of course, this assumes that the script knows that the "mm2270" account is the primary account on the Mac. How to determine that piece might be the more complicated part of the script. For that, you could look at using the API to first grab the primary user name from the JSS' computer record. Or, if you use something like FileVault and only a single user enabled for it, the primary user, you could use fdesetup to determine the username first in the script.
I'm not sure what the setup is for your Macs, so I'm only speculating on that last part. You'll need to determine the best way of getting the primary user account name, and then feeding that into a script that could grab the creation date for that account folder.

Hope that helps steer you in a good direction that can help. Post back if you need more help.

dthompson
New Contributor

Yes, I was originally hoping to run a report on info in the history tab so it's good to know that there's no point pursuing that dead end.

In regards to FileVault, we have 2 accounts enabled on each one, so that's a no go, but pulling the primary user account from JSS might work.

Each of our machines has 3 accounts, 2 of which are of the same naming convention. Would there be a way to tell a script to ignore the 2 Standard accounts and use the one remaining account?

Thanks

mm2270
Legendary Contributor III

Sure, if I'm understanding exactly what you mean, you should be able to pull the user account by doing something like the following.
Assuming for a moment your two standard accounts that exist on all Macs are named something like "admin" and "student" and the 3rd account will be the primary user, consider something like this in a script.

dscl . list /Users UniqueID | awk '$2 > 500 {print $1}' | egrep -v "^admin$|^student$"

That should list only the 3rd, primary user account name. It will also exclude any accounts that have a sub 501 UID, so it'll skip all those system related accounts too.

You can use that to populate a variable and use it in the script line I posted above. A more full script might look something like this.

#!/bin/bash

## Try to get the one primary user account on the system
primaryUser=$(dscl . list /Users UniqueID | awk '$2 > 500 {print $1}' | egrep -v "^admin$|^student$")

## Determine if a user account was found, and that there was only one before proceeding
if [[ "$primaryUser" ]] && [[ $(echo "$primaryUser" | awk 'END{print NR}') == 1 ]]; then
    ## Get the 'birth time' for the user account
    creationDate=$(date -jf "%s" "$(stat -s "/Users/${primaryUser}" | tr ' ' '\n' | awk -F'=' '/st_birthtime/{print $NF}')" +"%Y-%m-%d %T")

    echo "<result>$creationDate</result>"
else
    echo "<result>No Primary User or more than one result</result>"
fi

Alternatively, you could write that value into a local file that can be picked up later by an Extension Attribute script. I say that only because for something like this, it may not be a necessity to have the EA script run at each inventory collection. A one time run by a policy might be sufficient. It's kind of up to you of course.

Let me know if that helps.
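
The local-file variant mentioned in the post above, as an added example that is not part of the thread and not mm2270's script: the birth time is collected once, cached, and later runs only read the cache. The function names and the CACHE_FILE path are assumptions; the "admin" and "student" account names are the placeholders used in the post.

```sh
#!/bin/sh
# Added example, not the script from the thread. Assumptions: the shared
# accounts are named "admin" and "student" (as in the post above) and
# CACHE_FILE is a hypothetical path; adjust both for your fleet.
EXCLUDE='^(admin|student)$'
CACHE_FILE="/Library/Application Support/AssetRefresh/primary_account_birthtime"

# stdin: "name UID" lines as printed by `dscl . list /Users UniqueID`.
# Prints the one remaining account; returns 1 if there are none or several.
pick_primary_user() {
    candidates=$(awk '$2 > 500 {print $1}' | grep -Ev "$EXCLUDE") || return 1
    [ "$(printf '%s\n' "$candidates" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$candidates"
}

# stdin: the output of `stat -s <path>`. Prints the st_birthtime epoch value;
# returns 1 if the field is missing or not numeric.
birthtime_from_stat() {
    epoch=$(tr ' ' '\n' | awk -F'=' '/^st_birthtime=/{print $NF}')
    case "$epoch" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$epoch"
}

# Collect once, cache the epoch, and print it in the thread's date format.
report_creation_date() {
    if [ ! -s "$CACHE_FILE" ]; then
        user=$(dscl . list /Users UniqueID | pick_primary_user) || return 1
        epoch=$(stat -s "/Users/$user" | birthtime_from_stat) || return 1
        mkdir -p "$(dirname "$CACHE_FILE")" && printf '%s\n' "$epoch" > "$CACHE_FILE"
    fi
    date -jf "%s" "$(cat "$CACHE_FILE")" +"%Y-%m-%d %T"
}

# dscl, stat -s and date -j are macOS tools, so only run the collection there.
if [ "$(uname)" = "Darwin" ]; then
    if created=$(report_creation_date); then
        echo "<result>$created</result>"
    else
        echo "<result>No Primary User or more than one result</result>"
    fi
fi
```

Because the cache is only written when it is missing or empty, a machine that later gains a second non-excluded account keeps reporting the date captured on the first successful run.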

dthompson
New Contributor

Hi,

Sorry for the delayed response on this. The script worked beautifully! There were some minor tweaks that had to be made to it to get it to run on our machines but I was able to get one of the guys in the office to help with that. We ran it through JSS on 50 machines and the results were really promising. There's some more minor changes that need to be made to get some of the junk results to filter out but overall we're very happy.

Thanks again for the help with everything, really appreciate it!