Posted on 05-03-2012 11:32 AM
Hello all. I was looking through some inventory info and noticed that we have a LOT of accounts on machines in the computer details > Local User Accounts. I'm fairly sure I used to only see real user accounts and not all of the system accounts. We're running JSS 8.51 on MacOS 10.6.8. Is anyone else seeing this?
Here's a sample:
_atsserver Username: _atsserver Real name: ATS Server UID: 97 Home Directory: /var/empty Home Directory Size: 0B Admin: false FileVault 1 Enabled: false _calendar Username: _calendar Real name: Calendar UID: 93 Home Directory: /var/empty Home Directory Size: 0B Admin: false FileVault 1 Enabled: false _clamav Username: _clamav Real name: ClamAV Daemon UID: 82 Home Directory: /var/virusmails Home Directory Size: 0B Admin: false FileVault 1 Enabled: false
Solved! Go to Solution.
Posted on 05-03-2012 12:56 PM
We do not see them. Do you have the check box for Include Hidden Accounts checked in your Settings/Inventory Options/Inventory Collection Preferences/Accounts? I believe if you uncheck that you won't see them anymore.
Posted on 05-03-2012 12:56 PM
We do not see them. Do you have the check box for Include Hidden Accounts checked in your Settings/Inventory Options/Inventory Collection Preferences/Accounts? I believe if you uncheck that you won't see them anymore.
Posted on 05-03-2012 02:45 PM
That was it. Thanks!
Posted on 05-03-2012 04:59 PM
We would disable that except that we want to see our hidden admin account in the list.
It should be possible to create an Extension Attribute that shows all accounts <500 that don't start with "_" (Underscore), I think. ;)
PS. There should also be an option in JSS to not show accounts starting with "_" (Underscore)...I'm off to the Feature Request section...
Don
Posted on 05-03-2012 05:46 PM
@Don, we do exactly that with an EA. Though you can just list all accounts, then use grep to find the service accounts that should be there, provided you have a fairly consistent name for them, and are not using something very generic that the grep may also pick up, like "admin"
Something like:
dscl . -list /Users | grep <hiddenAdminName>
Then a simple if/then to test for the existence of the account and populate the result with a "Yes" or "No' depending on the result of the test.
Posted on 05-03-2012 09:30 PM
@mm2270 Thanks Mike, I'll see if I can get an EA put together that finds the hand full of hidden admin accounts we know exist in the environment.
Posted on 05-04-2012 04:37 AM
Don, look at your FR here:
https://jamfnation.jamfsoftware.com/featureRequest.html?id=306
I posted an EA for you there that will pull all those accounts into your inventory.
Posted on 05-04-2012 06:18 AM
@mm2270 Mike, you rock! We have several analysts working on fairly large refreshes and they need this. Much appreciated!!!