New to Casper / Script question

canzonerik
New Contributor

Hello, I am new to the Casper/Jamf world and looking for some help. I am trying to get the 30minAdminJss process working, the Make admin works fine, I am not sure how to get the Remove portion to work. Can someone help me with this?

7 REPLIES 7

davidacland
Honored Contributor II

Hi,

Are you using this script: https://github.com/darklordbrock/Temporary-Admin-30min/blob/master/30minAdminJss.sh

If you are you would just need to add the script to the JSS and create a self service policy for it.

The second part of the script is to add a LaunchDaemon to trigger the removal of the user from the admin group.

What are the symptoms you are seeing?

canzonerik
New Contributor

Hi, davidacland, yes that is the script, I have set up the 30minAdminJss.sh with a policy and it works great, the problem is with the Remove script, I am not sure how to make this work.

Thank you

davidacland
Honored Contributor II

Ah ok. It looks like you need to create a policy with a manual trigger called "adminremove".

In the example script there is a receipt left behind: /var/uits/userToRemove.

You just need to create a second script with the following:

#!/bin/sh

U=$(cat /var/uits/userToRemove)
  # Gets the name of the user to remove

dseditgroup -o edit -d $U -t user admin
  # Takes them out of the admin group

launchctl unload -w /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
  # Unloads the LaunchDaemon

rm /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
  # Deletes the LaunchDaemon

rm /var/uits/userToRemove
  # Deletes the receipt file

exit 0

Add the script to the remove policy that has the manual trigger and that should do the trick.

canzonerik
New Contributor

davidacland, thank you for the advice, when you say "add a policy with a manual trigger" are you referring to the "Custom" trigger?

davidacland
Honored Contributor II

Yes that's the one.

canzonerik
New Contributor

Great, thanks, I noticed the script you posted is quite a bit diff. than the one i grabbed, i will give it a try, thanks again.