JNUC 2015 - Solving Real Needs with the Command Line

matt4836
Contributor II

View the JNUC Video http://www.jamfsoftware.com/resources/solving-real-needs-with-the-command-line/

Assigning a Computer to a User using Last Login

This will assign a computer record in the JSS to the user that last logged into the computer.

  1. Create a new Policy or edit existing Inventory Policy
  2. In the Files and Processes Payload add to Execute Command:
    jamf recon -endUsername $(defaults read /Library/Preferences/com.apple.loginwindow lastUserName)

Smart Group from Dummy Receipt

Create a Smart Group based on the existence of a file on a computer.
1. During provisioning or imaging place a file on the computer with a package or script for example:

echo "Kiosk" > "/Library/Application Support/Company/computerType"

2. Create an Extension Attribute populated with a script:

#!/bin/bash
computerType="/Library/Application Support/Company/computerType"
[ -e "$computerType" ] && echo "<result>$(cat "$computerType")</result>"  || echo "<result>None</result>"

3. Create a Smart Group with "Computer Type" as criteria.

Promoting or Demoting Users

Turn all users on a computer to standard accounts except a specific user.

  1. Create a script in the JSS:
    #!/bin/bash
    # Define user to ignore in the array
    adminUserToSkip="$4"
    # Create User Array
    userList=$(dscl . list /Users UniqueID | awk '$2 > 500 {print $1}')
    # Go through array skipping our user to keep 
    for user in ${userList[@]};do 
    [ "$user" == "$adminUserToSkip" ] && continue;
    dseditgroup -o edit -d "$user" -t user admin
    done
  2. Name Parameter 4 to "Account to Keep as Admin"
  3. Create a Policy that deploys the script with the account name in Parameter 4.
To make all users admins change
dseditgroup -o edit -d "$user" -t user admin
to
dseditgroup -o edit -a "$user" -t user admin
15 REPLIES 15

gachowski
Valued Contributor II

Just asking to double check... but last I tried.

"recon -endUserName" just runs a recon.. the recon "verbs" were dropped...

https://jamfnation.jamfsoftware.com/featureRequest.html?id=78

Shawn_Waller
New Contributor II

Anyone get this error while running the User at last login command?

Result of command:
sh: Jamf: command not found

bollman
Contributor II

The jamf binary should be in all lower case maybe?

Shawn_Waller
New Contributor II

Tried both ways

mm2270
Legendary Contributor III

Put the full path to the binary in the command. If this is happening on JSS 9.8x and up its possible its running up against a PATH variable issue.
Change the command to:

/usr/local/jamf/bin/jamf recon -endUserName $(defaults read /Library/Preferences/com.apple.loginwindow lastUserName)

See if it works that way.

Shawn_Waller
New Contributor II

Bingo! That works. Thanks!!

isradame
Contributor

That command has never worked for me.
This is what I use.

if [ -z $3 ]; then currentUser=stat -f '%Su' /dev/console; else currentUser=$3; fi; jamf recon -endUsername $currentUser

Grant_Klingbeil
New Contributor III

@gachowski Some of the verbs were dropped, but there are still a lot available. Running this will get you the list available with your JSS version:

jamf help recon

The big difference is that the available ones aren't tied to the inventory report itself, but to the computer or user information. The ones that are missing were fragments of inventory reports which could cause a loss of data integrity.

gachowski
Valued Contributor II

@Grant.Klingbeil

Thank you Thank you Thank you !!!!!!! : ) I was just going to test, as I just pulled -endUsername out of my set up script : )

C

chrisbju
New Contributor III

/usr/local/jamf/bin/jamf recon -endUsername $(defaults read /Library/Preferences/com.apple.loginwindow lastUserName)

Works for me. Had to remove the capital N in -endUserName.

The following options allow you to specify inventory information for the computer:

-assetTag The asset tag of the computer

-endUsername The user name of the primary user

-realname The real name of the primary user

-email The email address of the primary user

-position The position (job title) of the primary user

-building The text representation of a building in the jSS

-department The text representation of a department in the JSS

-phone The phone number of the primary user

-room The room that the computer is in

-ldapServerID The JSS ID of the LDAP server to which the primary user belongs

-userID The user ID of the primary user's account in the LDAP server.

CarrieNZ
New Contributor III

thanks @Grant.Klingbeil, the lowercase "n" solved it for me :)

donparfet
Contributor

Now that I have set up the policy to capture the last username to populate into the inventory record, I realize I need to define a computer type that will allow me to differentiate between individual assigned machines and student use/loaner/multi-use machines. Any suggestions how to create the "computer type" file at image deploy time to accomplish this? The only idea I have at the moment is to create separate configurations for every type of deployment. Any better ideas?

bpavlov
Honored Contributor

@donparfet Could you clarify a bit more? Otherwise I assume that your question is answered in the very first post of this discussion....

Smart Group from Dummy Receipt
Create a Smart Group based on the existence of a file on a computer.
1. During provisioning or imaging place a file on the computer with a package or script for example:

echo "Kiosk" > "/Library/Application Support/Company/computerType"

2. Create an Extension Attribute populated with a script:

#!/bin/bash
computerType="/Library/Application Support/Company/computerType"
[ -e "$computerType" ] && echo "<result>$(cat "$computerType")</result>"  || echo "<result>None</result>"

If the problem is that you want to be able to 'choose' different computer types then you can probably make use of some applescript dialog box so that you get a prompt to select from a predefined list.

donparfet
Contributor

@bpavlov My musing is on how I might set up some process that will populate the "computerType" at time of imaging in order to make good use of this concept. I would want the techs, at time of imaging, to be able to select a "computerType" from a list of some sort in order to populate "computerType" with types like 'Kiosk' or 'Lab' or 'Student Use', etc.
I have selected a number of machines in our environment now and added an appropriate "computerType" to them, and have created smart groups based on those "computerType".
The only method that I have thought through at this point would be to create separate image configurations that populate the "computerType" field.
SO, I am wondering if there might be other ideas how one might accomplish populating "computerType" at the time a machine is being prepared.

matt4836
Contributor II

@donparfet What I typically see is Smart Configurations.

You would have a Standard Configuration that is a majority of your image workflow, then either a script or package in the Smart Configuration that sets the computerType. The techs would choose the appropriate one.

Standard Configuration (OS X, Apps, Settings) |Smart Configuration (computerType=Student) |_Smart Configuration (computerType=Staff) |...

Hope that makes sense.

Another option is a tech selects one from Self Service after imaging. You have a few policies scoped to Computers that do not have a computerType set all set to a category like "Post-Imaging" or something. Then the tech runs the appropriate one from Self Service, setting the type, thus removing the entire category from Self Service.