Help

TouchID EA

Eskobar
Contributor

Posted on ‎02-01-2023 12:45 AM

I would  like to know how many are using TouchID to unlock their macs.

My EA is working pretty good. However, i am not able to exclude who have the fingerprint set but not used.

Eskobar_1-1675241127084.png

 

Any idea please?

 

0 Kudos
Reply
5 REPLIES 5

DBrowning
Valued Contributor II

Posted on ‎02-01-2023 04:04 AM

So are you looking to determine who have a finger enrolled but have TouchID to unlock disabled?

Reply

Eskobar
Contributor

Posted on ‎02-01-2023 05:21 AM

I like to know only people using Fingerprint to unlock their MacOS

0 Kudos
Reply

DBrowning
Valued Contributor II

‎02-01-2023 05:45 AM - edited ‎02-01-2023 05:45 AM

I don't think you can get that granular from looking at the status.  If you use bioutil -cs it will tell you what users have at least 1 finger enrolled.

$ sudo bioutil -cs
User 503: 2 fingerprint(s)
Operation performed successfully.

0 Kudos
Reply

Jaykrishna1
Contributor II

Posted on ‎02-02-2023 10:57 PM

Unfortunately, it is not possible to determine the number of users who have TouchID set up on their Macs, and whether they are using it to unlock their devices. This information is not typically stored in the configuration profiles or in management tools like Jamf.

However, you could potentially gather this information by conducting a survey or by collecting data manually. For example, you could ask users to indicate whether they have TouchID set up on their Macs and whether they are using it to unlock their devices. You could then compile this data to determine the number of users who are using TouchID to unlock their Macs.

Note: This is a manual process and the accuracy of the data collected will depend on the responses of the users.

0 Kudos
Reply

SahilParmar
New Contributor

Posted on ‎03-21-2023 02:59 AM

#!/bin/zsh
 
# This script will list all the users enrolled in Touch ID
# that have "unlock with fingerprint" enabled.
 
# First, check if the system even supports Touch ID
# If not, bail out and report unsupported.
 
touchIDfunctionality=$(/usr/bin/bioutil -rs | grep "Touch ID functionality")
 
if [[ -z $touchIDfunctionality ]]
then
echo "<result>Unsupported</result>"
exit 0
fi
 
# Next, list all the users over UID 500 and run 'bioutil' with sudo -u .
# Only capture users that have > 0 fingerprints registered,
# and finally confirm that they have enabled unlocking the Mac.
 
tidEnrolledUsers=($(for i in $(ls -lan /Users/ | awk '$3 > 500 { print $9 }'); do sudo -u $i /usr/bin/bioutil -c; done | awk '/User/ && !/0 fingerprint/ { print $0 }' | awk '{ print $2 }' | sed "s_:__g" ))
tidUsersArray=()
 
for i in ${tidEnrolledUsers[@]}
do
tidUser=$(ls -lan /Users/ | grep "$i" | awk 'BEGIN { RS="" ; FS="\n" } { print $1 }' | awk '{ print $9 }')
tidStatus=$(/usr/bin/sudo -u "$tidUser" /usr/bin/bioutil -r | awk '/unlock/ && !/Effective/ { print $5 }')
[[ $tidStatus == "1" ]] && tidUsersArray+=("$tidUser")
done
 
# Finally, print the results!
 
if [[ -n $tidUsersArray ]]
then
echo "<result>Active Users: $tidUsersArray</result>"
else
echo "<result>Not Enabled for Unlock</result>"
fi
0 Kudos
Reply