Posted on 05-15-2017 11:17 AM
Hello all,
I believe that this is a simple problem and that it may be already answered in a lot of other topics but unfortunately, all the scripts that I tested didn't solve my problem.
I need to deploy a policy to local users only avoiding the managed accounts.
I noticed that the perfect way is using the UID but I can't seem to use the scripts that I have found here.
I need a way to list local users (501 and above) and the managed accounts (one that I have identified its 2146602887). The best way would be creating a smart group so that I could scope only to that group.
I'm not worried with users changing the UID because I know they won't do it, I really just need to filter the users.
Posted on 05-15-2017 11:24 AM
Could you possibly explain a little more on what data you're hoping to get with a script? Do you just need a list of UIDs above 500? Or do you need a list of the same UIDs that also excludes one particular UID from it's result?
Posted on 05-15-2017 11:37 AM
This might get you what you're looking for. Realistically, you can keep the comparison values between 500-1000. This will print out the username but you can always replace the {print $1} with {print $2} to list just the UUIDs. The sort -n is also not needed and can be removed, it just puts things in order by UUID.
#!/bin/sh
localAccounts=$(dscl . list /Users UniqueID | sort -n | awk 'BEGIN{i=400}{if($2>500 && $2<1000)i=$2}END{print $1}')
echo "$localAccounts"
Posted on 05-15-2017 11:39 AM
It's simple, I have a policy that can't be sent to managed accounts. UIDs above 500 will list local and managed accounts so what I need it's a list of accounts with UID above (for instance) 1000.
So, the data that I want is the laptops with managed accounts so that they won't receive that specific policy.
Posted on 05-15-2017 11:46 AM
Thanks @andrew.nicholas, what's the best way to implement this? I'm a little noob with scripting. Have created a Extension Atribute but I may be doing something wrong wen using it on a Smart Group...
Posted on 05-15-2017 11:50 AM
OK. In that case:
dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}'
The above would list accounts with UIDs above 1000, so avoiding all the local accounts.
Like @andrew.nicholas mentioned in his post above, if you want the UIDs instead of the usernames, change print $1
to print $2
The only thing I'm not clear on is how you wanted to use the above. As an Extension Attribute? Or were you planning on having that run as the first part of a script and exit if it comes back with results?
If you wanted to make it into an EA, one way would be to have it send back an integer. Then you could create the EA as an integer value and scope to any machines that have a "0" as a result, meaning there are no accounts with UIDs above 1000 on the device.
#!/bin/bash
ManagedAccts=$(dscl . list /Users UniqueID | awk '$2 > 1000' | wc -l | xargs)
echo "<result>$ManagedAccts</result>"
Posted on 05-15-2017 12:05 PM
Thanks guys, tomorrow wen I get back to the office I will try it and give feedback.
Posted on 05-15-2017 12:31 PM
The method I posted about is more targeted towards implementation in a script when you want to iterate over the returned accounts, but if you're just trying to return if a current user account is not an admin, then an extention attribute could be done as~~StriketroughText~~
#!/bin/sh
currentUser=$(ls -l /dev/console | cut -d " " -f 4)
result=$(dscl . read /Users/$currentUser UniqueID | awk '{print ($2 < 1000 && $2 > 500) ? "true" : "false"}')
echo "<result>$result</result>"