Jamf EA Script for RCC's List All FileVault Enabled Users Tool

This script:

  1. Checks if the Rocketman tool is installed.
  2. Retrieves the backdoor admin username from a managed preferences plist file and uses it to fetch the password from the keychain via Rocketman.
  3. Handles potential errors during password retrieval, providing specific error messages for different scenarios (e.g., no password set, unknown errors).
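  4. Returns the result wrapped in `<result>` tags, the format Jamf Pro reads for extension attribute inventory data. On success, the result is the retrieved password itself.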

```zsh
#!/bin/zsh

# Read the backdoor admin username from the managed preferences plist
BreakglassAdminUsername=$(defaults read "/Library/Managed Preferences/tech.rocketman.breakglass.plist" shortName)

# Check if rocketman (RCC) is installed
if ! command -v rocketman &>/dev/null; then
    echo "<result>RCC Not Installed</result>"
    exit 0
fi

# Retrieve the password from the keychain
BreakglassAdminPassword=$(rocketman GetBackdoorAdminPasswordFromKeychain --shortName "${BreakglassAdminUsername}" 2>/dev/null)
exitCode=$?

# Evaluate the result
if [[ $exitCode -eq 0 && -n "$BreakglassAdminPassword" ]]; then
    # Successfully retrieved password
    echo "<result>$BreakglassAdminPassword</result>"
elif [[ $exitCode -eq 1 ]]; then
    # Tool indicates no password set
    echo "<result>No Backdoor Admin Password Set</result>"
else
    # Any other exit code, or exit code 0 with empty output, is treated as an unknown error
    echo "<result>Other Error Occurred</result>"
fi
```