Jamf Nation Community

Local user accounts are already a searchable criteria. No need for an EA.

@ctangora - if you're referring to the local user account list when you click on a computer to get the details, that would be too time consuming for me to go through each one-by-one. If you're not referring to that, then I am not sure what you're referring to.

@denmoff - I am looking for a report to run on all the Macs that will list the User accounts.

Hope this clears things up.

Thanks for your replies.

On the main computer tab. Change the drop down to search from "computers" to "local user accounts" and put a * (wildcard) in the search bar. It will return a list of all accounts in your JSS. I don't see the export button on the bottom right which is what I'm thinking your after but this will at least get you a up to date on demand list in the JSS.

@tron_jones - Thanks. I just tried that but it's not quite what I am looking for.

I'm sorry if I haven't been very descriptive in what I need but basically I would like to get a list of each Mac in JSS and what user accounts are on each of those. The output of putting a * in the "local user accounts" search is actually the opposite of what I would like.

All of our Macs has a local admin account. Some Macs have only 1 user account in addition to the local admin account and other Macs have multiple user accounts in addition to the local admin account. I am looking for a way to display the User accounts so I can see which Macs have only 1 User account in addition to the local admin account and which Macs have multiple User accounts.

This is the script that Jamf support helped with to show our AD users and more important, which ones have Admin rights.

#!/bin/bash
users=dscl . -read /Groups/admin | grep GroupMembership
for i in ${users}; do if ( [ ${i} != "admin" ] && [ ${i} != "root" ] ); then var="$var $i" fidone
echo "<result>${var}</result>" | tr ' ' ' '

@corbin3ci - Thanks, I'll give that a shot.

Ok, I must be having a brain fart. I uploaded the script that corbin3ci posted into the EA section on the JSS and then I launched Casper Remote and ran Update Inventory on all the computes. I set the inventory to display the EA (I named it "User Accounts") but nothing is showing up in that column.

What did I miss?

Are you only looking to get user accounts that are not system related, or, in other words, with UIDs that are in the 501 and up range? If so, this has probably been covered a half dozen times in other threads already. Do you only need the user names and not whether they are admins, or other details?
If so, although I'm sure the above script will work, there's a much easier way.

#!/bin/bash

echo "<result>$(dscl . list /Users UniqueID | awk '$2 > 500 {print $1}')</result>"

When you say you "uploaded" the above script, what do you mean exactly? For EAs I don't know that you actually upload them. They need to be created directly in the JSS interface, don't they? I'm not sure if the process is different now with 9.x, but that's how they work in 8.x. Also, did you 'save' after entering it in?

Yes, I am looking to get the User accounts that are not system related. I must be using wrong keywords in my searches because I haven't found much relating to what I am looking for. No, I don't need to know if they're admins or not, I just need a list or output for the User accounts on each Mac.

Sorry, "upload" was a bad word choice. I didn't upload anything - I created a New EA.

Yes, I saved it after entering the info.

Thanks for your help!

@rseide][/url, there is a custom report called Show All Users in the November 2011 Resource kit that I added to my JSS (8.73) that produces a report containing the size of all the user home directories. One of the fields is the computer name. You could copy that report and paste it in Excel and then sort the report by the computer name and it will group all the accounts for that computer together and list the users for that computer. Below is an example of the data that report will produce. This might give you the information you are looking for. I see you are using 9.x and I am not sure if these custom reports still work or not.

  Computer Name   Username   Real Name   UID   Home Directory   Home Directory Size   Admin
  John Smith 52035   jsmith   John Smith   501   /Users/jsmith   218G   true
  John Smith 52035   dummy   Dummy   503   /Users/dummy   9.5G   true
  John Smith 52035   backdoor   Backdoor   502   /Users/backdoor   72G   true

@mpermann - I saw that too. Unfortunately, custom reports don't work in 9.22. That custom report would be what I am looking to do.

here is a perly way to do it.

#!/usr/bin/perl -w
use strict;
use IO::File;
(my $progname =$0) =~ s#.*/##;
sub getLocalUsers {
    my @usersToModify;
    open E, "dscl . -list Users |" or die "$progname: dscl . -list $!
";
    while(<E>) {
        chomp;
        next if /^_/;
        next if /^com.apple.calendarserver$/;
        next if /^daemon$/;
        next if /^nobody$/;
        next if /^netboot/;
        next if /^root$/;
        syslog('notice', "Adding %s to userlist", $_);
        push @usersToModify, $_;
    }
    close E;
    my $templdir = "/System/Library/User Template/Non_localized/";
    return @usersToModify;
}

main:
my @names = getLocalUsers();
print "<result>" . join(', ', @names) . "</result>
";

As a side note, I think there is a bug in 9.22.

Local accounts is an option to display, but it does not come up on the reports. Ideally you would use the built-in services of Casper and not have to write an EA, but the display is not showing. However, you can use it to export a file that list all the users, and which machines they are on.

Other than that I would do a basic search like some said above or this one, wrapped around your "results" tag will get you a list of all your users in an EA that you can search on. We use it now for 8.61, but should work fine for 9.22.

#!/bin/sh
dscl . -list /Users UniqueID | awk '$2 >= 500 {print $1;}