macOSLAPS icon indicating copy to clipboard operation
macOSLAPS copied to clipboard

Published 20 hours ago verified publisher icon joshua-d-miller

[Enhancement] Add Account Detection To Extension Attributes

Open rougegoat opened this issue 2 years ago • 1 comments

It may be helpful to modify the extensions to check if the account set in LocalAdminAccount exists on the machine. There are situations where the account would either have never existed or been removed improperly. Adding a check could help IT track that. Napkin math but I think adding something like this at line 20 could do it

LocalAdminAccount=$(defaults read /Library/Managed\ Preferences/edu.psu.macoslaps.plist LocalAdminAccount)
checkUser=$(dseditgroup -o checkmember -m $LocalAdminAccount localaccounts | awk '{ print $1 }')

if [ "$LocalAdminAccount" == "" ] ; then
     echo "<result>Not Configured</result>"
elif [ "$checkUser" != "yes" ] ; then
     echo "<result>$LocalAdminAccount Not Present</result>"
elif [ -e $LAPS ] ; then
...

rougegoat avatar Jun 09 '22 15:06 rougegoat

I believe this is something that could be added to the extension attributes quite easily. I'll see what I can do.

joshua-d-miller avatar Jun 21 '22 00:06 joshua-d-miller

The extension attributes have been updated to reflect this change. Please let me know if you feel this is inadequate.

joshua-d-miller avatar Jan 30 '23 02:01 joshua-d-miller