Stealthy way of mapping user drives?

roiegat
Contributor III

So I've been working on a script to map a user's home drive, then use a file on there to map the rest of their drives. This is the code for the first part (redacted in some places):

#!/bin/bash

exec >> "/var/log/drive.log" 2>&1  ## must be run as admin or root for exec to work

sudo defaults write /Library/Preferences/com.apple.NetworkAuthorization AllowUnknownServers -bool YES


# Get the logged-in user's username
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

# Get the logged-in user's home server (the node path contains a space, so it is quoted)
userHomeServer=$(dscl "/Active Directory/COMPANY/All Domains" -read "/Users/$loggedInUser" SMBScriptPath | awk '{if(NR>1)print}' | cut -c 14- | cut -c -6 | tr -d '[:space:]')

if [[ $userHomeServer == *"AU"* ]]
then
  echo "AU home drive"
  userHomeServer=$(dscl "/Active Directory/COMPANY/All Domains" -read "/Users/$loggedInUser" SMBScriptPath | awk '{if(NR>1)print}' | cut -c 14- | cut -c -8 | tr -d '[:space:]')
  echo "$userHomeServer"
elif [[ $userHomeServer == *"PHX"* ]]
then
  echo "PHX home drive"
  userHomeServer=$(dscl "/Active Directory/COMPANY/All Domains" -read "/Users/$loggedInUser" SMBScriptPath | awk '{if(NR>1)print}' | cut -c 14- | cut -c -9 | tr -d '[:space:]')
  echo "$userHomeServer"
elif [[ $userHomeServer == *"CH"* ]]
then
  echo "CH home drive"
  userHomeServer=$(dscl "/Active Directory/COMPANY/All Domains" -read "/Users/$loggedInUser" SMBScriptPath | awk '{if(NR>1)print}' | cut -c 14- | cut -c -8 | tr -d '[:space:]')
  echo "$userHomeServer"
else
  echo "Normal Home Drive"
  userHomeServer=$(dscl "/Active Directory/COMPANY/All Domains" -read "/Users/$loggedInUser" SMBScriptPath | awk '{if(NR>1)print}' | cut -c 14- | cut -c -6 | tr -d '[:space:]')
  echo "$userHomeServer"
fi

# The inner quotes are escaped so AppleScript receives the URL as a string literal
homeDrive="Mount Volume \"smb://COMPANY.com/SERVER/$userHomeServer/$loggedInUser\""
echo "Home Drive: $homeDrive"

# Mount the network drive
osascript -e "$homeDrive"

So it works fine and mounts the home drive. But there are cases when a user isn't logged in or a local admin is logged in. Also sometimes their extra drives file has drives which they don't have access to. So using this method, if there is an error it pops up the default "There was a problem connecting to server".

So was wondering if there is a stealthier method to map a network drive and if there is a failure of any kind, to just report it in the log file and not bother the user.

3 REPLIES

seanbalsiger
New Contributor III
> So it works fine and mounts the home drive. But there are cases when a user isn't logged in or a local admin is logged in.

I think you could solve that issue with this:

if [[ "$(dscacheutil -q user | grep -A 2 "$loggedInUser" | awk '/uid:/ {print $2}')" -lt "9999" ]]
then
    echo "local user"
    exit
else
    echo "AD user"
fi

ryan_ball
Valued Contributor

This is similar to what I use but with a lot less logic. This will determine if it is a local account and exit. This will look to see if the user has an SMBHome attribute in their user account, and if they don't it will exit. This will also determine if the mount was successful, and if not will exit abnormally.

#!/bin/bash

loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
accountType=$(/usr/bin/dscl . -read "/Users/$loggedInUser" | grep UniqueID | cut -c 11-)
# SMBHome is stored as \\server\share\user; sed turns the backslashes into forward slashes
ADHome=$(/usr/bin/dscl . -read "/Users/$loggedInUser" | grep SMBHome: | cut -c 10- | sed 's/\\/\//g')
# You need to change this to match what your mount point would look like
mountPoint="/Volumes/$loggedInUser"

[[ $accountType -lt "1000" ]] && echo "Local account; exiting." && exit 0
[[ -z "$ADHome" ]] && echo "No Value for AD Home returned" && exit 0

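function mount_home () {
    # Replace the leading // with smb:// to build the URL
    ADHome="${ADHome//\/\//smb://}"
    echo "Attempting to mount AD Home $loggedInUser..."
    # Discard osascript's stdout and stderr; its exit status is what the caller checks
    /usr/bin/osascript -e "mount volume \"$ADHome\"" > /dev/null 2>&1
}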

alreadyMounted=$(mount | grep "$mountPoint" | awk '{print $1}')
if [[ -z "$alreadyMounted" ]]; then
    if mount_home ; then
        echo "AD Home volume appeared to mount successfully."
        exit 0
    else
        echo "Error detected during mount, checking once more for AD Home..."
        if [[ ! -d "$mountPoint/$loggedInUser" ]]; then
            echo "AD Home not detected; beginning abort process."
            # Do something here if you want
            exit 1
        fi
    fi
else
    echo "AD Home volume appears to already be mounted at:"
    echo "     $alreadyMounted"
    exit 0
fi
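
The SMBHome-to-URL conversion and the logged, status-checked mount from the replies above, as an added example that is not code from any poster in this thread. It treats the directory attribute as untrusted input, checks it against an allow-list, and passes the URL to osascript as an argument instead of pasting it into AppleScript source. The function names and the allow-list are assumptions; /var/log/drive.log is the log path from the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the character
# allow-list are assumptions; widen the list if your share names need it.
LOG_FILE="${LOG_FILE:-/var/log/drive.log}"

log_msg() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG_FILE"
}

# Convert an SMBHome value (\\server\share\user) to smb://server/share/user.
# Prints the URL and returns 0; returns 1 for anything outside the allow-list.
smbhome_to_url() {
    path=$(printf '%s' "$1" | tr '\\' '/')
    case $path in
        //?*/?*) ;;                        # need at least //server/share
        *) return 1 ;;
    esac
    case $path in
        *[!A-Za-z0-9._/-]*) return 1 ;;    # quotes, spaces, shell metacharacters
        *..*|///*|//*//*) return 1 ;;      # traversal or empty path segments
    esac
    printf 'smb:%s\n' "$path"
}

# Mount the share and record the outcome in the log only.
# Returns 0 mounted, 1 mount failed, 2 value rejected, 3 osascript missing.
mount_home_quietly() {
    url=$(smbhome_to_url "$1") || { log_msg "rejected malformed SMBHome value"; return 2; }
    if ! command -v osascript >/dev/null 2>&1; then
        log_msg "osascript not available; cannot mount $url"
        return 3
    fi
    # The URL reaches AppleScript through argv, never through the script text.
    if err=$(osascript -e 'on run argv' -e 'mount volume (item 1 of argv)' \
                       -e 'end run' "$url" 2>&1 >/dev/null); then
        log_msg "mounted $url"
    else
        log_msg "mount failed for $url: $err"
        return 1
    fi
}
```

Call `mount_home_quietly` with the raw SMBHome value read from the directory and branch on its return code; values that already use forward slashes pass through the same checks.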

roiegat
Contributor III

Thanks guys! Will keep working on it. The user community seems to like this feature, but hates getting error messages. So seeing if I can find a middle ground.