Delete Any Non-Mobile, Non-Managed Local User

cdegaeta
New Contributor III

So I'm slowly learning that JAMF uses scripts to fill in a lot of gaps with automating processes (and rightfully so, if you know what you're doing it's definitely the way to go).

In my case, I don't totally know what I'm doing! Been scouring the forums today and found a bunch of scripts that can help me do what I'm trying to do, but I can't seem to piece this script together properly. I want to make a script that will run on a computer as root and check the users added locally to the computer. As long as they are not the account created by JAMF (the Management Account) or a Mobile account from AD, the script will remove the account and home folder from the computer the script is being run on.

This is what I have:

#!/bin/sh

localUsers=$(dscl . list /Users UniqueID | grep -v "_" | awk '$2 < 1000 {print $1}')

For user in $localUsers
do
    if [ "user" != "root" ] && [ "user" != "MGAdmin" ] 
    && [ "user" != "daemon" ] && [ "user" != "nobody" ]
    then
        dscl . Delete /Users/$user
        if [ $? = 0 ]; then echo "Removed user $user from computer";
        fi
    else
        echo "User $user left alone"
    fi
done

And now to explain my logic. I'm basically trying to check against UID first to make sure the UID is in the range of 500 - 999 (above 999 is a mobile account). I then do a check for "reserved" names that I don't want the script to touch, such as MGAdmin and root. If it passes those two conditions, the script will remove the account. Now I've checked the syntax in Terminal, however the script fails at line 3 every time. The script does not like how I'm using the awk command and it's taking "1000" as a file/directory. But meanwhile it doesn't do this when I manually type that whole line into Terminal. And this is after simplifying that line of syntax as much as I could (e.g., originally that line was doing an awk $2 > 500 && $2 < 999, but I could not get it to behave no matter how I lined up the parentheses, quotes, etc. So I used the grep instead to help clean up the list before ignoring the mobile account altogether).

Any help you guys could provide would be greatly appreciated!

1 ACCEPTED SOLUTION

DBrowning
Valued Contributor II

@cdegaeta

I copy and pasted this exact script in a new file and it ran without issue. Try creating a new script file. Also I added deleting the home folder (assuming it's at /Users/$user)

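#!/bin/bash
# bash rather than sh: the script uses arrays and [[ ]]

# Short names of accounts with a UID below 1000, skipping "_" service accounts
localUsers=($(dscl . list /Users UniqueID | grep -v "_" | awk '$2 < 1000 {print $1}'))

for user in "${localUsers[@]}"; do
    # Accounts that must be left in place
    if [[ "$user" == "root" ]] || [[ "$user" == "MGAdmin" ]] || [[ "$user" == "daemon" ]] || [[ "$user" == "nobody" ]]; then
        echo "User $user left alone"
    else
        dscl . -delete "/Users/$user"
        if [ $? -eq 0 ]; then
            echo "Removed user $user from computer"
            # Home folder is assumed to be at /Users/$user
            rm -rf "/Users/$user"
        fi
    fi
done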
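A more defensive take on the same removal, added here as an example and not part of DBrowning's post: the filter rejects any name that could turn `/Users/$user` into `/Users/` or `/Users/..`, keeps the 501-999 UID window discussed in the thread, and defaults to a dry run. The function names, the `DRY_RUN` switch, the `--demo`/`--run` arguments and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX sh: no arrays, no [[ ]].
# KEEP holds the names the thread protects; MGAdmin is the poster's management account.
KEEP="root daemon nobody MGAdmin"

# Filter "name uid" lines (the output format of `dscl . list /Users UniqueID`).
# Prints only plain names (no "_", no leading "." or "-", so "/Users/$name" cannot
# become "/Users/" or "/Users/..") with a UID of 501-999 that are not in KEEP.
select_removable() {
    awk -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        NF == 2 && $1 ~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ && $2 ~ /^[0-9]+$/ &&
            $2 + 0 > 500 && $2 + 0 < 1000 && !($1 in skip) { print $1 }'
}

# Delete one account and its home folder. DRY_RUN (hypothetical switch) defaults to 1.
remove_account() {
    user=$1
    [ -n "$user" ] || return 1            # never let the path collapse to /Users/
    home="/Users/$user"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "Would remove account $user and $home"
        return 0
    fi
    dscl . -delete "/Users/$user" || return 1
    # Only remove a real directory, not a symlink pointing somewhere else
    if [ -d "$home" ] && [ ! -L "$home" ]; then rm -rf -- "$home"; fi
    echo "Removed user $user from computer"
}

# Constructed sample of dscl output, for trying the filter away from a Mac.
SAMPLE='root 0
nobody -2
_www 70
hiddenadmin 499
MGAdmin 501
student 502
jdoe 1437002'

case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE" | select_removable ;;
    --run)  # on the Mac, as root; also protect whoever is logged in at the console
        KEEP="$KEEP $(stat -f%Su /dev/console)"
        dscl . list /Users UniqueID | select_removable |
            while read -r u; do remove_account "$u"; done ;;
esac
```

Run it with `--run` first and read the "Would remove" lines; set `DRY_RUN=0` only once that list is what you expect.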


13 REPLIES

thoule
Valued Contributor II

I'm not seeing the issue. Your script looks fine to me.

#!/bin/sh
localUsers=$(dscl . list /Users UniqueID | grep -v "_" | awk '$2 < 1000 && $2 > 500 {print $1}')

for user in $localUsers
do
    if [ "$user" != "root" ] && [ "$user" != "MGAdmin" ] && [ "$user" != "daemon" ] && [ "$user" != "nobody" ]; then
        # Only echoes; nothing is deleted in this version
        echo "Removed user $user from computer";
    else
        echo "User $user left alone"
    fi
done

p.s. Jamf has a 'deleteAccount' verb

DBrowning
Valued Contributor II

@cdegaeta Try this:

#!/bin/bash
# bash rather than sh: the script uses arrays and [[ ]]

# Short names of accounts with a UID below 1000, skipping "_" service accounts
localUsers=($(dscl . list /Users UniqueID | grep -v "_" | awk '$2 < 1000 {print $1}'))

for user in "${localUsers[@]}"; do
    # Accounts that must be left in place
    if [[ "$user" == "root" ]] || [[ "$user" == "MGAdmin" ]] || [[ "$user" == "daemon" ]] || [[ "$user" == "nobody" ]]; then
        echo "User $user left alone"
    else
        dscl . -delete "/Users/$user"
        if [ $? -eq 0 ]; then
            echo "Removed user $user from computer"
        fi
    fi
done

I used very similar logic when I was automating a domain migration.

justin_smith
New Contributor III

try a lowercase "f" in your for statement

justin_smith
New Contributor III

#!/bin/sh

localUsers=$(dscl . list /Users UniqueID | grep -v "_" | awk '$2 < 1000 {print $1}')

for user in $localUsers
do
    if [ "$user" != "root" ] && [ "$user" != "MGAdmin" ] && [ "$user" != "daemon" ] && [ "$user" != "nobody" ]
    then
        dscl . Delete /Users/$user && echo "Removed user $user from computer"
    else
        echo "User $user left alone"
    fi
done

cdegaeta
New Contributor III

Thanks thoule and ddcdennisb. Your verbal confirmation that the script looks fine is definitely reassuring, however I'm still having a tough time with this.

Thoule, I re-pasted your script exactly as shown and these are the errors I get when I try to execute it from the terminal:

line 9: unexpected EOF while looking for matching `"'
line 12: syntax error: unexpected end of file

I don't see any extra quotes in there and there's a done at the bottom so not sure where the EOF comes into play.

Ddcdennisb, I also tried your script. It's yielding these errors:

line 6: syntax error in conditional expression
line 7: syntax error near "$user'
line 7: ' echo "User $user left alone"'

Still feels like I'm doing something wrong, but I'll let the jury decide. Thanks again for your help and quick responses!

justin_smith
New Contributor III

Last follow up I swear. None of those delete the home folder. That needs to be done in a subsequent command.

cdegaeta
New Contributor III

Got that Justin, that's definitely my next step!

Anyways, I think a huge chunk of my problem was how I was editing these scripts. I was using TextEdit and saving as plain text, but it appears the file gets all screwy if I make small edits to it. So now I've been doing that with vi.

So if using TextEdit as a script editor is suspect, what's a good GUI alternative to VI?

DBrowning
Valued Contributor II

@cdegaeta

I use TextMate. There is Sublime Text as well but that costs like $80.

justin_smith
New Contributor III

@cdegaeta

TextEdit likes to convert everything to rtf so that's definitely problematic.

I still use TextWrangler, which is replaced now by BBEdit - there's a 30 day trial with features that I don't think I've ever used, and after that it reverts to TextWrangler functionality.

cdegaeta
New Contributor III

Thank you justin and ddcdennisb!

And yes, TextEdit was definitely messing me up. TextMate will do just fine for my once in a while scripting.

hodgesji
Contributor

Not super light-weight, but I like Atom

jason_bracy
Contributor III

Just checking if you have had any luck deleting your last local (non-mobile) account? I have a policy in Casper to delete our imaging account after the hidden administrator account is created (UID 499), and High Sierra will not allow it to be deleted even when there is a mobile account installed.

Starting to get very frustrated with High Sierra management!