AD Bound managed Macs get profile in / (root)

Randydid
Contributor II

I have a site that has their own Admin team. They are new to JAMF and I am training them up. They have about 175 managed Macs in their Site. Recently (they are not sure exactly when), an Active Directory user will log into one of the Macs. The profile gets created in /Users/ just fine but the twist is that an additional profile is created in the root of the drive too. Nothing has changed that they can point to. I will include a screen grab from one of their test machines (ignore the PS Elements in the root, that is a training issue I have resolved).

I have combed through their packages and I do not see anything that might cause this.

Note the AD accounts:

rdiddel
bkimura
mtevans

This is a weird one, but I am reaching out to the JN to see if you have seen this before.

TIA,

/randy

scott_borcherdt
New Contributor II

I haven't seen this happen, but want to suggest working backwards from the folder creation timestamp. Check policy logs for the affected endpoint etc. It seems odd that Photoshop Elements 14 is in the root directory also, could be another avenue to investigate.

Randydid
Contributor II

@scott.borcherdt The Elements was an issue where she just dropped the .dmg into JAMF Admin - that was a learning moment on her test box. This is happening all over their Site without the Elements element.

The folder creation timestamp coincides with when the user authenticates via AD.

It is as if some sort of mapping bit got flipped but I am not sure where to look or where I might set it.

/randy

rdwhitt
Contributor II

By chance have they configured a Mobility payload in a configuration profile? Maybe someone inadvertently changed the "at path" for the home folder location.

Randydid
Contributor II

OK,

I narrowed it down to one of their policies that called three scripts. I took notes about that policy and then deleted it. Then I recreated it and added each of the scripts back one at a time until it started to occur again. Turns out it is the following script that I borrowed from @rtrouton's Github.

The script goes deeper in the weeds than I am able to grok with my scripting knowledge so I am not sure what the actual cause is:

#!/bin/bash

# Determine OS version
osvers=$(sw_vers -productVersion | awk -F. '{print $2}')
sw_vers=$(sw_vers -productVersion)

# Determine OS build number

sw_build=$(sw_vers -buildVersion)

# Checks first to see if the Mac is running 10.7.0 or higher. 
# If so, the script checks the system default user template
# for the presence of the Library/Preferences directory. Once
# found, the iCloud, Diagnostic and Siri pop-up settings are set 
# to be disabled.

if [[ ${osvers} -ge 7 ]]; then

 for USER_TEMPLATE in "$3/System/Library/User Template"/*
  do
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenBuddyBuildVersion "${sw_build}"
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeSiriSetup -bool TRUE    
    /usr/bin/defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudDiagnostics -bool TRUE
  done

 # Checks first to see if the Mac is running 10.7.0 or higher.
 # If so, the script checks the existing user folders in /Users
 # for the presence of the Library/Preferences directory.
 #
 # If the directory is not found, it is created and then the
 # iCloud, Diagnostic and Siri pop-up settings are set to be disabled.

 for USER_HOME in "$3/Users"/*
  do
    USER_UID=`basename "${USER_HOME}"`
    if [ ! "${USER_UID}" = "Shared" ]; then
      if [ ! -d "${USER_HOME}"/Library/Preferences ]; then
        /bin/mkdir -p "${USER_HOME}"/Library/Preferences
        /usr/sbin/chown "${USER_UID}" "${USER_HOME}"/Library
        /usr/sbin/chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
      fi
      if [ -d "${USER_HOME}"/Library/Preferences ]; then
        /usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
        /usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
        /usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
        /usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant LastSeenBuddyBuildVersion "${sw_build}"
        /usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant DidSeeSiriSetup -bool TRUE
        /usr/bin/defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudDiagnostics -bool TRUE
        /usr/sbin/chown "${USER_UID}" "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant.plist
      fi
    fi
  done
fi

exit 0

mm2270
Legendary Contributor III

@Randydid If you look inside the home folder in root, do you only see a "Library" folder inside it, or do you see all the normal folders you usually have in a user directory?
The problem I think is the $3 in front of /Users/. That doesn't seem to be in the original script on @rtrouton's GitHub. Was that added to the script? The reason I ask is because the $3 in the script will be resolving to the username if it's being run by a jamf policy, so I think it's messing up the path to the user directories and this line - /bin/mkdir -p "${USER_HOME}"/Library/Preferences is just creating a user folder with only the Library folder in it.

Randydid
Contributor II

@mm2270 You are correct. There is a library folder only followed by Preferences. So, you are correct it is the $3 thing. I will look at the history of that script to see if they/I changed it by accident. Otherwise, I will re-copy from Rich's Github and test.

Thanks! I will keep reporting what I find.

/randy
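
The $3 behaviour diagnosed above can be reproduced safely in a scratch directory. The following is an added example, not part of the thread or of the original script: it keeps the loop shape of the posted script but drops the defaults and chown calls, and the function names (make_prefs_unguarded, make_prefs_guarded, resolve_prefix, sandbox_result) and the VOLUME token are hypothetical. It shows that a username used as the path prefix makes the glob fail to match, so mkdir -p builds a stray tree named after the user in the working directory, and that validating the prefix first prevents it.

```shell
#!/bin/bash
# Added example: constructed names; a temp directory stands in for the cwd.

# Same loop shape as the thread's script, without the defaults/chown calls.
make_prefs_unguarded() {
  local prefix="$1" home
  for home in "${prefix}/Users"/*; do
    [ "$(basename "${home}")" = "Shared" ] && continue
    [ -d "${home}/Library/Preferences" ] || mkdir -p "${home}/Library/Preferences"
  done
}

# Accept the prefix only when it is empty, "/", or an absolute path that
# really contains a Users directory; anything else (a username) is rejected.
resolve_prefix() {
  case "$1" in
    ""|"/") : ;;
    /*) [ -d "$1/Users" ] && printf '%s' "${1%/}" ;;
    *) return 1 ;;
  esac
}

make_prefs_guarded() {
  local prefix home
  prefix="$(resolve_prefix "$1")" || return 1
  for home in "${prefix}/Users"/*; do
    [ -d "${home}" ] || continue      # skip an unmatched, literal glob
    [ "$(basename "${home}")" = "Shared" ] && continue
    mkdir -p "${home}/Library/Preferences"
  done
}

# Run a variant inside a scratch tree and print every Preferences dir created.
# The token VOLUME means "pass the scratch tree's absolute path as the prefix".
sandbox_result() {
  local variant="$1" prefix="$2" box
  box="$(mktemp -d)"
  mkdir -p "${box}/Users/rdiddel" "${box}/Users/Shared"
  [ "${prefix}" = "VOLUME" ] && prefix="${box}"
  ( cd "${box}" && "${variant}" "${prefix}" ) >/dev/null 2>&1 || true
  ( cd "${box}" && find . -type d -name Preferences )
  rm -rf "${box}"
}

echo "unguarded, username: $(sandbox_result make_prefs_unguarded rdiddel)"
echo "guarded,   username: $(sandbox_result make_prefs_guarded rdiddel)"
echo "guarded,   volume:   $(sandbox_result make_prefs_guarded VOLUME)"
```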