Remote Management Status Extension Attribute

bmarks
Contributor II

I am officially stumped. I have created the following Extension Attribute, and it works fine when I trigger a Recon on a Mac via Terminal. However, when a Recon runs on its own (like a daily Recon,) the status changes. I suspect it has something to do with the user that the EA is running as, but I can't seem to solve this.

My goal is to create an EA so that I can determine whether a user has the Screen Sharing or Remote Management checkboxes selected in Sharing System Preferences and then run policies using smart groups that use this EA. This works... until a scheduled Recon runs.

I will admit my scripting abilities aren't the best, so what I am doing wrong might be obvious to someone else.

Here is the EA:

#!/bin/bash loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}') ardStatus=$(sudo -u "$loggedInUser" launchctl list | grep '^d.RemoteDesktop.' | awk '{print $3}') if /bin/launchctl list | grep -i com.apple.screensharing; then if [ "$ardStatus" = "com.apple.RemoteDesktop.agent" ]; then status="Remote Management Enabled" else status="Screen Sharing Enabled" fi else status="Disabled" fi echo "<result>${status}</result>" exit 0
1 REPLY 1

iJake
Valued Contributor

You should read a LaunchDaemon or LaunchAgent status with the newer syntax:

LaunchDaemon

launchctl print system/com.whatever.whatever

LaunchAgent for a user

launchctl print gui/$(id -u "$currentUser")/com.whatever.whatever

Then you can parse out whatever you need.