Last active
December 15, 2017 01:25
-
-
Save patgmac/e9fcbbbcd274a077f4866564f0c458a0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # checkUsersWithoutSecureToken.sh | |
| # | |
| # Purpose: Determines which users do not have a Secure Token on High Sierra | |
| # This tells us which users will not be able to add other users via sysadminctl. | |
| # | |
| # Written by: Patrick Gallagher | |
| OSvers=$( sw_vers -productVersion | cut -d. -f2 ) | |
| # Check if this is a pairing Workstation | |
| if [[ ! -f /var/sandbox/com.homedepot.pairedprogramming.plist ]]; then | |
| # not a PP Workstation | |
| echo "<result>N/A</result>" | |
| exit 0 | |
| fi | |
| if [[ "$OSvers" -le 12 ]]; then | |
| echo "<result>N/A</result>" | |
| exit 0 | |
| fi | |
| except=('casperadmin' 'mfe') | |
| list=() | |
| # generate user list of users that do have not have a secure token | |
| for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do | |
| TestAdminToken=$( (dscl . -read /Users/$username AuthenticationAuthority) 2>&1) | |
| if [[ "$TestAdminToken" != *SecureToken* ]] && | |
| grep -qvFf <(printf '%s\n' "${except[@]}") <(echo "$username") | |
| then | |
| # Any reported accounts are added to the array list | |
| list+=("$username") | |
| fi | |
| done | |
| # Prints the array's list contents | |
| echo "<result>${list[*]}</result>" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment