Posted on 09-20-2018 10:43 AM
I am trying to write a script to report back an extension attribute on SecureToken status. Background - we push out a default admin account (aka "admin") during DEP enrollment. DEP prompts for creation of a user through the GUI and our frontline techs will often create a "localadmin" account, which they're supposed to delete later on. Well, things happen, and the account doesn't get deleted every time. I'm trying to make sure that if there's a local admin, it's got SecureToken, whichever account it has. I've got a script that works on one user, but won't work for more than one user returned. I've not really played with for;do statements, so this is my first go round. Can someone give me a pointer on where I may be going wrong?
#!/bin/sh
#
# SecureToken for Admin.sh
#
# Get the Username of the local Admin account
ADMINid=$( dscl . list /Users | grep -v ^_.* | grep dmin | grep -v JAMF )
# Get SecureToken status
status=$( dscl . -read /Users/$ADMINid AuthenticationAuthority | grep -o SecureToken )
for i in $ADMINid ; do $status
done
if [[ $status == SecureToken ]]; then
    echo "<result>ENABLED for $ADMINid</result>"
else
    echo "<result>DISABLED for $ADMINid</result>"
fi
Currently I get a result of
<result>ENABLED for admin
localadmin</result>
where it fails to run against the 2nd admin account "localadmin" for me. I'd hope it would return something like
<result>ENABLED for admin
ENABLED for localadmin</result>
Posted on 09-20-2018 11:23 AM
Your for i in $ADMINid part isn't working, so "admin" and "localadmin" are being treated as one item, most likely. I usually use a while read loop for these kinds of things myself as it tends to handle each item individually a little better.
Also consider using an array to populate, and then printing the array at the end.
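#!/bin/bash

# Accounts whose names contain "dmin", skipping system (_*) and JAMF accounts
ADMINid=$(dscl . list /Users | grep -v '^_.*' | grep dmin | grep -v JAMF)

# Collect one status line per account
RESULT=()
while read -r ACCT; do
    # Query each account separately for the SecureToken flag
    if [[ $(dscl . -read "/Users/$ACCT" AuthenticationAuthority | grep -o SecureToken) == "SecureToken" ]]; then
        RESULT+=("ENABLED for $ACCT")
    else
        RESULT+=("DISABLED for $ACCT")
    fi
done <<< "$ADMINid"

# Print every status line inside a single <result> tag
echo "<result>$(printf '%s\n' "${RESULT[@]}")</result>"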
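A variant of the per-account check, added here as an example and not written by either poster: it goes beyond the thread by selecting accounts on actual membership of the local admin group (dseditgroup -o checkmember) instead of matching "dmin" in the name, so an admin account with an unexpected name is still reported. Assumptions: human accounts have a UniqueID above 500, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: SecureToken status for every local admin, one line per account.
# Assumptions: human accounts have UniqueID > 500; "admin" is the local admin group.

# Print short names of local accounts with UniqueID > 500.
local_users() {
    dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'
}

# Succeed if account $1 is a member of the local admin group.
is_admin() {
    dseditgroup -o checkmember -m "$1" admin >/dev/null 2>&1 </dev/null
}

# Succeed if account $1 has SecureToken in its AuthenticationAuthority.
has_secure_token() {
    dscl . -read "/Users/$1" AuthenticationAuthority 2>/dev/null </dev/null |
        grep -q 'SecureToken'
}

# One "ENABLED for <name>" or "DISABLED for <name>" line per admin account.
secure_token_report() {
    local_users | while read -r acct; do
        if [ -n "$acct" ] && is_admin "$acct"; then
            if has_secure_token "$acct"; then
                echo "ENABLED for $acct"
            else
                echo "DISABLED for $acct"
            fi
        fi
    done
}

# Run only where the macOS directory tools exist.
if command -v dscl >/dev/null 2>&1; then
    report=$(secure_token_report)
    echo "<result>${report:-No local admin accounts found}</result>"
fi
```
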