Local User + Serial

bplotnick
New Contributor II

Hello,

I'm attempting to make a report in JSS to find the local users for all of our enrolled units. Any advice on the simplest way to get this done?

Report Serial + Local User

1 ACCEPTED SOLUTION

easyedc
Valued Contributor II

Can you clarify your request?

Report Serial + Local User

I use an extension attribute to check for local users

#!/bin/sh
local=`dscl . list /Users UniqueID | awk '$2 > 500 && $2 < 1000 { print $1 }'`
echo "<result>$local</result>"
exit 0

This script assumes the user is a) over 500 and b) not an AD account, which for us are UIDs starting at 10000 and up based on job role.

Occasionally I get a lost account and running

dscl . list /Users | grep -v '^_'

Spits out all macOS non-service accounts.

Does that help? Hopefully you can modify it to meet your needs.

View solution in original post

6 REPLIES 6

easyedc
Valued Contributor II

Can you clarify your request?

Report Serial + Local User

I use an extension attribute to check for local users

#!/bin/sh
local=`dscl . list /Users UniqueID | awk '$2 > 500 && $2 < 1000 { print $1 }'`
echo "<result>$local</result>"
exit 0

This script assumes the user is a) over 500 and b) not an AD account, which for us are UIDs starting at 10000 and up based on job role.

Occasionally I get a lost account and running

dscl . list /Users | grep -v '^_'

Spits out all macOS non-service accounts.

Does that help? Hopefully you can modify it to meet your needs.

jychri
New Contributor

bplotnick,

The snippet below will get you the serial number:

serial=$(system_profiler SPHardwareDataType | grep 'Serial Number (system)' | awk '{print $NF}')

bplotnick
New Contributor II

Hello,

Thanks for the responses. So if I had this script into the extension attributes I should be able to pull an inventory check that when exported would have a column for local users? To clarify the ask I'm simply looking to have a record of local users attached to our serial numbers in JAMF.

Goal: To have a record of each serial along with who is using it.

iMatthewCM
Contributor II
Contributor II

Hey @bplotnick I think I've got a script that'll work great for you, no need to run anything on the client machines: https://github.com/iMatthewCM/Jamf-Scripts/blob/master/JamfAPI/directoryReportingAPI.sh

This will also give you the home directories for those users, which you may or may not need, but it's there all the same.

This will require you to be collecting Local Accounts in Inventory Collection (JSS > Settings > Computer Management > Inventory Collection > Collect local user accounts) and the display will be better if you're not also collecting hidden accounts, which is an additional option in Inventory Collection.

Hope that helps!

bplotnick
New Contributor II

@ matthew that seems like just the trick but where do i execute the script?

iMatthewCM
Contributor II
Contributor II

@bplotnick You can run that from your local machine, no need to deploy it anywhere! Just open Terminal and do a:

sudo sh /path/to/directoryReportingAPI.sh

It'll prompt you for credentials to your JSS - all this script is doing is reading information on your Computers, it's not modifying anything.

EDIT: Definitely run this on a Mac, as I hardcoded the current logged in user's Desktop as the place to dump the output file :)