[Casper] Searching for Accounts

Thomas Larkin tlarki at kckps.org
Tue Jul 29 10:55:49 PDT 2008


Err, should have proofread that....

It should be like this:

/usr/bin/dscl . list /Users UniqueID | grep 480

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell:  913-449-7589
office:  913-627-0351
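
An exact-match version of the UID lookup above, as an added example that is not part of the original message: `grep 480` also matches UIDs such as 1480 and account names containing 480, so this compares the UID field itself and also lists non-service accounts below UID 500. The function names, the constructed sample listing and the service-account exclusions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: exact UID matching over `dscl . list /Users UniqueID` output.

# Print account names whose UID equals $1 exactly ("name uid" lines on stdin).
users_with_uid() {
    awk -v uid="$1" '$2 == uid { print $1 }'
}

# Print "name uid" for accounts with a UID below $1 (default 500), skipping
# names starting with "_" and root/daemon/nobody, which are treated here as
# OS service accounts (assumption).
low_uid_accounts() {
    awk -v max="${1:-500}" '
        $1 ~ /^_/ { next }
        $1 == "root" || $1 == "daemon" || $1 == "nobody" { next }
        $2 ~ /^-?[0-9]+$/ && $2 + 0 >= 0 && $2 + 0 < max { print $1, $2 }'
}

# Constructed sample in the two-column shape dscl prints (not real data).
sample_listing() {
cat <<'EOF'
_www                    70
daemon                  1
nobody                  -2
root                    0
ardadmin                480
jsmith                  501
lab480                  502
tech                    1480
EOF
}

# Use the live directory on a Mac, the constructed sample elsewhere.
if command -v dscl >/dev/null 2>&1; then
    listing=$(dscl . list /Users UniqueID)
else
    listing=$(sample_listing)
fi

echo "Accounts with UID 480:"
printf '%s\n' "$listing" | users_with_uid 480
echo "Non-service accounts below UID 500:"
printf '%s\n' "$listing" | low_uid_accounts 500
```

On the sample, a plain `grep 480` returns three lines (ardadmin, lab480 and tech), while the field comparison returns only ardadmin.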
>>> "Thomas Larkin" <tlarki at kckps.org> 07/29/08 12:42 PM >>>
I was poking around with dscl not too long ago and I had an issue with
finding hidden accounts.  I can't even remember what I was trying to do,
but I do remember stumbling upon this code.

/usr/bin/dscl . list /Users UniqueID

The UniqueID option will search all users by their UID.  You can pipe
out a grep or awk and maybe print out a range of Unique IDs, or if you
know the ID you can get it that way perhaps.  So, if you set your hidden
admin account for UID 480 you could do this

/usr/bin/dscl . list /Users UniqueID 480

and it should list that user account.  I hope this may help someone.

Thanks,

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell:  913-449-7589
office:  913-627-0351
>>> Steve Wood <swood at integerdallas.com> 07/29/08 12:28 PM >>>
The only thing I see this lacking is accounts that have a UID under  
500.  So, if you are hiding an admin account on the system, you won't  
be able to find that system.  At least that's what it appears to me.   
Maybe I'm wrong.  I utilize a hidden account as a second admin in case  
the first admin account is compromised in any way.

And, I notice that under Inventory Preferences on the Admin tab (Admin  
tab -> Inventory Options -> Inventory Preferences) we can map the ARD  
fields to fields in Casper.  This would be perfect for putting a  
"flag" for this user account and then building your smart group on  
that.  For example, if I utilized a shell script in a policy that  
would place something in one of the ARD fields to indicate that user  
was on the system, I could then build my smart group.  The shell  
script might look something like this (assuming a user name of  
"ardadmin"):

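#!/bin/bash

# Look up the account name in the local directory (empty if it is not present)
fieldText=`dscl . list /Users | grep ardadmin`

# Write the result into ARD computer info field 1
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -computerinfo -set1 -1 $fieldText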


Now, obviously there is no error checking in this, which could be  
thrown in, and probably should.  If the search returns nothing then  
you get the standard kickstart info about what flags to set.  I think  
this is fine and it won't affect the outcome.

Once that runs on the machines they should flow into your smart group  
that is searching for ardadmin in the ARD1 field.


Hope that helps.

Steve Wood
Director, Information Technology
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6907 | C 940.312.2475




On Jul 24, 2008, at 10:54 AM, Ernst, Craig S. wrote:

> Well, would you look at that. I’m glad to be proven wrong.  
> Apparently the receipts section didn’t jump out at me to be the  
> place to look for user accounts. Thanks, Tedd.
>
> Craig
>
> On 7/24/08 10:17 AM, "Tedd Herman" <tedd at jamfsoftware.com> wrote:
>
> Hi All,
>
> As of The Casper Suite, version 5.13, there wasn’t any smart group  
> functionality that will do this, but you could create a group of  
> computers that either have or don’t have a certain account. To do  
> this, log into your JSS and click the Logs Tab. In the receipts  
> section of that page, there is a link for “Local User Accounts.” If  
> you click this, it will display all of the local user accounts on  
> managed machines with a button for “Computers with” (this account)   
> or “Computers Without”(this account). A policy could then be scoped  
> to this group to add the user account if that is what the goal is.
>
> In The Casper Suite, version 6, this is available as a criterion for  
> Smart groups in the Receipts Info section of the Smart Group  
> interface. If you haven’t received your notification of version 6  
> being available, have no fear! You will receive the downloa
> -----------------------------------------------------
> JAMF Software
> 1011 Washington Ave. S, Suite 350
> Minneapolis, MN 55415
> -----------------------------------------------------
> US Support 612
>
> On 7/24/08 8:06 AM, "Steve Wood" <swood at integerdallas.com> wrote:
>
> When I first read this I thought "sure you can do this", but looking  
> at the options for Smart Groups, I don't think you can.  In fact, I  
> don't even think you can with ARD either.  Finding the machines that  
> have the user should be fairly easy, just use "dscl" along with  
> "grep" to identify the machines that have the account.  The  
> difficult part comes in identifying the machines somehow with a tag  
> that the JSS can use.  If the JSS could use the ARD text fields to  
> build smart groups on, then you could write a value to one of the  
> text fields and grep for that in the Smart Group.
>
> Sorry, hope that gives you some ideas, but I just don't see a way to  
> grep the text fields.
>
>
>
>         Steve Wood
>         Director, Information Technology
>         swood at integerdallas.com
>
>         The Integer Group  |  1999 Bryan St.  |  Ste. 1700  |   
> Dallas, TX 75201
>         T 214.758.6813  |  F 214.758.6907  |  C 940.312.2475
>
>
>
>
>
>
>
> On Jul 23, 2008, at 1:44 PM, Ernst, Craig S. wrote:
>
> Sure can...maybe.
>
>
> Management Tab
> Smart Computer Groups
> New Smart Computer Group
> Give the group a name and check the box if you want notification of  
> additions or removals to the group
> Click the + for Computer Info
> Select Platform
> In the field for Platform enter the word Mac
> Click Save Group
>
>
>  Since you can only create smart groups with managed machines this  
> should give them all to you. In fact you don’t even need to put in  
> any criteria and you should get the same results.
>
>  If you are specifically saying that you have a maintenance account  
> that is NOT the same as the account the JSS uses to manage the  
> machines then I don’t think there are any easy options built into  
> the JSS to do that type of search en masse. Although local account  
> information is stored in the inventory record for each managed  
> machine.
>
>  Hopefully that’s helpful. Otherwise...feel free to submit a feature  
> request. =)
>
>  Craig Ernst
>  Systems Management & Configuration
>  ----------------------------------
>  University of Wisconsin-Eau Claire
>  Learning & Technology Services
>  105 Garfield Ave
>  Eau Claire, WI 54701
>  Phone: (715) 836-3639
>  Fax: (715) 836-6001
>  ----------------------------------
>  ernstcs at uwec.edu
>
>
>
>  On 7/23/08 1:22 PM, "Paul Austin" <paul.austin at wachovia.com> wrote:
>
>
> Oh Wise ones,
>
>  I have a maintenance account on some machines and not others. I  
> would like to be able to create a smart group based on machines with  
> this account, or at least be able to do an inventory search for  
> machines with the account. Can this be done?
>
>  Paul Austin
>  Wachovia Desktop Services
>  704 427-0903
>
>
>   _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
>
> --
> The information contained in this email transmission is solely for  
> the addressee(s) named above and is privileged and/or confidential.   
> If the reader of this message is not the intended recipient or the  
> person responsible to deliver it to the intended recipient; he or  
> she is prohibited from reading or disclosing the information  
> contained in this transmission.  Any examination, use,  
> dissemination, distribution, or copying of this communication is  
> strictly prohibited.  Please contact us immediately by telephone for  
> instructions if you have received this communication in error: (214)  
> 758-6800
>
>
>
>