[Casper] one of those days, can't remember syntax

Fri Jan 16 10:27:15 PST 2009

Well 

On some machines it shows the admin value as true and on others it
doesn't.  This inconsistency is really making me think that some users
promoted their accounts to admin via an older test account which they
got the password to.  Then again, dscl returns that they are not admins.
  Some of these machines have obviously been changed by someone other
than the IT staff, so I know some of them have been promoted. 

I was looking at a way to loop /Users and make sure all users are
demoted just back to staff and not admin at all.  However, I am getting
conflicting information from dscl and jamf listUsers 

Thoughts?

>>> "Thomas Larkin" <tlarki at kckps.org> 01/16/09 10:23 AM >>>

OK 

This is what confuses me and frightens me... 

jamf listUsers returns the localized mobile account as having the <true>
value as the account being an admin 

dscl . read /Groups/admin Does not list the account 

dscl . -delete /Groups/admin GroupMembership <shortname> or <UID>
returns an error that the attribute is not found, so I am guessing that
means that the account isn't in that group 

Is this a bug with Casper?

___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351

>>> Miles Leacy <miles.leacy at themacadmin.com> 01/16/09 10:18 AM >>>
I'm not sure what's going on there, however I'm fairly certain that
using the GUID will get you where you need to be.

----------
Miles A. Leacy IV

 Certified System Administrator 10.4
 Certified Technical Coordinator 10.5
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com

On Fri, Jan 16, 2009 at 11:11 AM, Thomas Larkin 
<tlarki at kckps.org> 

wrote:

DS error -14134 (eDSAttributeNotFound) 

If I do a dscl . list /Users UniqueID | grep <shortname> the user shows
up with their GUID so I know that they are in fact there 

___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351

>>> Miles Leacy <miles.leacy at themacadmin.com> 01/16/09 10:08 AM >>> 

What error is your command returning?

----------
Miles A. Leacy IV

 Certified System Administrator 10.4
 Certified Technical Coordinator 10.5
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com

On Fri, Jan 16, 2009 at 11:04 AM, Thomas Larkin 
<tlarki at kckps.org> 

wrote:

These are Directory users that have promoted them self to admin via an
old test account and we are cleaning it up, would that make any
difference? 

I would have sworn in the past I have used what I posted a few minutes
ago.

>>> Miles Leacy <miles.leacy at themacadmin.com> 01/16/09 9:59 AM >>>

You need to use the GUID.  If I'm not mistaken, it's stored in the
user's record as the "GeneratedUID". 

dscl . -delete /Groups/<group> GroupMembers <GUID> 

----------
Miles A. Leacy IV

 Certified System Administrator 10.4
 Certified Technical Coordinator 10.5
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com

2009/1/16 Thomas Larkin 
<tlarki at kckps.org> 

of dscl to remove someone from a group 

I thought it was 

sudo dscl . delete /Groups/admin GroupMembership <shortname> 

That returns an error 

___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090116/d4e4e1e8/attachment.html 