Jamf Nation Community

When I first read this I thought "sure you can do this", but looking at the options for Smart Groups, I don't think you can. In fact, I don't even think you can with ARD either. Finding the machines that have the user should be fairly easy, just use "dscl" along with "grep" to identify the machines that have the account. The difficult part comes in identifying the machines somehow with a tag that the JSS can use. If the JSS could use the ARD text fields to build smart groups on, then you could write a value to one of the text fields and grep for that in the Smart Group.

Sorry, hope that gives you some ideas, but I just don't see a way to grep the text fields.

Steve Wood
Director, Information Technology
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6907 | C 940.312.2475

Hi All,

As of The Casper Suite, version 5.13, there wasn't any smart group functionality that will do this, you could create a group of computers that either have or don't have a certain account. To do this, log into your JSS and click the Logs Tab. In the receipts section of that page, there is a link for "Local User Accounts." If you click this, it will display all of the local user accounts on managed machines with a button for "Computers with" (this account) or "Computers Without"(this account). A policy could then be scoped to this group to add the user account if that is what the goal is.

In The Casper Suite, version 6, this available as a criteria for Smart groups in the Receipts Info section of the Smart Group interface. If you haven't received your notification of version 6 being available, have no fear! You will receive the download link by the end of the week.

Tedd Herman / Product Specialist
-----------------------------------------------------
JAMF Software
1011 Washington Ave. S, Suite 350
Minneapolis, MN 55415
-----------------------------------------------------
US Support 612-216-1296
UK Support 020-3002-3907

The only thing I see this lacking is accounts that have a UID under 500. So, if you are hiding an admin account on the system, you won't be able to find that system. At least that's what it appears to me. Maybe I'm wrong. I utilize a hidden account as a second admin in case the first admin account is compromised in any way.

And, I notice that under Inventory Preferences on the Admin tab (Admin tab -> Inventory Options -> Inventory Preferences) we can map the ARD fields to fields in Casper. This would be perfect for putting a "flag" for this user account and then building your smart group on that. For example, if I utilized a shell script in a policy that would place something in one of the ARD fields to indicate that user was on the system, I could then build my smart group. The shell script might look something like this (assuming a user name of "ardadmin"):

#!/bin/bash

fieldText=dscl . list /Users | grep ardadmin

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/ Contents/Resources/kickstart -configure -computerinfo -set1 -1 $fieldText

Now, obviously there is no error checking in this, which could be thrown in, and probably should. If the search returns nothing then you get the standard kickstart info about what flags to set. I think this is fine and it won't affect the outcome.

Once that runs on the machines they should flow into your smart group that is searching for ardadmin in the ARD1 field.

Hope that helps.

Steve Wood
Director, Information Technology
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6907 | C 940.312.2475