Script to tell who has Admin rights to their computer

technicholas
Contributor

I want to push out a script to tell who has Admin rights to their computer. Is there a way I can do this in a Casper report?


jhalvorson
Valued Contributor

There is an Extension Attribute I got from JAMFNATION that was posted by someone else. I feel horrible that I didn't document who posted it. Here it is:

#!/bin/bash

# Script to detect if a computer has a local admin account on it with an UID of above 500

# Initialize array

list=()


# generate user list of users with UID greater than 500

for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do

# Checks to see which usernames are reported as being admins. The
# check is running dsmemberutil's check membership and listing the
# accounts that are being reported as admin users. Actual check is
# for accounts that are NOT not an admin (i.e. not standard users.)

    if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) != *not* ]]; then
    # Any reported accounts are added to the array list
        list+=("${username}")
    fi
done

# Prints the array's list contents

echo "<result>${list[@]}</result>"

Here is an example of the results for a system with three admins. Notice they displayed on one line:

User - local admin accounts: jason m0000421 mactech

rtrouton
Release Candidate Programs Tester

Credit for that script goes to Ryan Manly. I copied it to my GitHub repo when he posted it to the Casper email list:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Extension_Attribute...

I also wrote a post about it at the time:

http://derflounder.wordpress.com/2011/12/22/checking-which-accounts-on-a-mac-have-administrator-righ...

JPDyson
Valued Contributor

ignore; old broken version previously posted

technicholas
Contributor

rtrouton,

So I added the Extension Attributes. How do I run a report??

Thanks!

mm2270
Legendary Contributor III

@technicholas, first, you're going to want to wait a while for your Macs to report in with new inventory. How long you need to wait is going to depend on how reliably your Mac clients check in. If they are all Desktops on a wired connection and you've set Update Inventory for once a day for example, it shouldn't take long. If they are mobile machines, could take several days to weeks.

But you could run an initial report just to see what's being reported by doing these steps:

- Under Inventory, choose Advanced Search
- Add no criteria if you want to see all your managed clients
- Under the Display Fields, check the columns you want to show, making sure to include your new EA, whatever you named it

Then run the report. Any Macs that have reported in with something to show should show some data in that column.

You could save that report and come back to it in several days and run it again to see what's been updated.
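
A variant of the extension attribute posted earlier in this thread, as an added example that is not part of any post here and is not Ryan Manly's script: it applies the same UID and dsmemberutil checks, but drops sanctioned admin accounts and prints a fixed "None" when nothing else is left, so the report column only carries accounts worth reviewing. The EXPECTED_ADMINS allowlist, the function names, treating mactech as the sanctioned account, and the sample records used when dscl is absent are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not from the thread): report only admins outside an allowlist.
# EXPECTED_ADMINS is an assumed, space-separated list of sanctioned admin accounts.
EXPECTED_ADMINS="mactech"

# "name uid" pairs, one per line, from the same dscl call as the script above.
uid_records() { dscl . list /Users UniqueID; }

# Same test as the script above: dsmemberutil output without "not" means admin.
is_admin() {
    case "$(dsmemberutil checkmembership -U "$1" -G admin)" in
        *not*) return 1 ;;
        *)     return 0 ;;
    esac
}

# Off a Mac, swap in constructed sample data so the filter can still be exercised.
if ! command -v dscl >/dev/null 2>&1; then
    uid_records() {
        printf '%s\n' 'root 0' '_www 70' 'mactech 501' 'jason 502' \
            'm0000421 503' 'student 504'
    }
    is_admin() { [ "$1" != "student" ]; }
fi

# Print admin accounts with UID > 500 that are not allowlisted, or "None".
unexpected_admins() {
    found=""
    for name in $(uid_records | awk '$2 > 500 { print $1 }'); do
        is_admin "$name" || continue
        case " $EXPECTED_ADMINS " in
            *" $name "*) continue ;;    # sanctioned account, do not report
        esac
        found="${found:+$found }$name"
    done
    echo "${found:-None}"
}

echo "<result>$(unexpected_admins)</result>"
```

With this variant, a saved Advanced Search can filter on the EA value being something other than None instead of someone reading every row by eye.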