Jamf Nation Community

donmontalvo · ‎01-13-2012

We can use this to get local accounts:

$ dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }'

But it returns some system accounts. How do we exclude these (they begin with underscore)?

Thanks,
Don

--
https://donmontalvo.com

jstrauss · ‎01-14-2012

Try:

dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }' | grep -v "_"

Hope this helps!

View solution in original post

sean · ‎01-17-2012

dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }' | grep -v "^_"

View solution in original post

jstrauss · ‎01-14-2012

Try:

dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }' | grep -v "_"

Hope this helps!

donmontalvo · ‎01-15-2012

Thanks! Works great! Karl responded over at MacEnterprise.org with another variation:

dscl /Local/Default -list /Users uid | awk '$2 >= 100 && $0 !~ /^_/ { print $1 }'

Don

--
https://donmontalvo.com

sean · ‎01-17-2012

dscl /Local/Default -list /Users UniqueID | awk '$2 >= 100 { print $1 }' | grep -v "^_"

sean · ‎01-17-2012

Sorry, hit go too quickly. There are already responses. I would however go with mine of Don's, as these explicitly say line starts with an underscore

tlarkin · ‎01-17-2012

Do you have any accounts on your systems that are not used by the system and have a UID of lower than 500?

mjohnston · ‎11-06-2015

Does anyone know how to refine this search to show local administrator accounts only?
Or does anyone know the best way to get a report of all machines with local admin accounts on them?
Thanks,
Matt

tlarkin · ‎11-06-2015

You can try this snip of code @mjohnston

dscl . read /Groups/admin GroupMembership

or

You can run an EA and just check to see if the local account is a member of the admin group every time a device checks in for recon. Example:

#!/bin/bash

currentUser=$(ls -l /dev/console | awk '{ print $3 }')
checkAdmin=$(dseditgroup -o checkmember -m ${currentUser} admin | awk '/yes/ { print $1 }')

if [[ ${checkAdmin} == 'yes' ]]
  then echo "<result>admin true</result>"
  else echo "<result>admin false</reult>"
fi

The above EA would allow you to build a report in the JSS.

Cheers,
Tom

mjohnston · ‎11-06-2015

@tlarkin Thanks for this info. It's moved me forward in the process.
I had already built a report using an EA but I didn't have the script right and it was returned ALL user accounts.
I assume I have to wait until all machines have checked in with Casper until it can populate? It's early here so only a few machines on.
Is there a way I can force ALL machines to check in or do I just have to be patient?

Thanks a bunch.
Matt

mm2270 · ‎11-06-2015

It will depend on your JSS settings, but generally, machines should check in as soon as they come online, especially if they haven't been in contact with the JSS for a little while. I would just wait a bit and run some advanced searches using the EA criteria and see what starts showing up. If all looks good, build your Smart Group.

Also, you can look at my post here for a more involved/advanced EA script that will report on all accounts on the Mac and whether they are local or domain as well as admin or standard.
https://jamfnation.jamfsoftware.com/featureRequest.html?id=2065#responseChild10170

mjohnston · ‎11-06-2015

Thanks a bunch for all your help.

Jamf Nation Community

dscl command to list local users but exclude system accounts?