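#!/bin/bash
# checkUsersWithoutSecureToken.sh
#
# Purpose: Determines which users do not have a Secure Token on High Sierra
# or later. This tells us which users will not be able to add other users
# via sysadminctl.
#
# Output: a single "<result>...</result>" line on stdout. The result is
# "N/A" on 10.12 and earlier, otherwise a space-separated list of the
# accounts (UniqueID > 500) whose status output does not contain ENABLED.
#
# Written by: Patrick Gallagher

# Accounts that are deliberately left out of the report. Every name listed
# here is never audited, so keep the list as short as possible.
except=('casperadmin' 'mfe')
list=()

#######################################
# Tell whether an account is on the exception list.
# Names are compared whole: a substring comparison would also drop any
# account whose name merely contains an excepted name from the report.
# An empty exception list excludes nobody.
# Globals:   except (read)
# Arguments: $1 - short user name
# Returns:   0 if the name is excepted, 1 otherwise
#######################################
is_excepted() {
  local candidate=$1
  local name
  for name in "${except[@]}"; do
    if [[ "$candidate" == "$name" ]]; then
      return 0
    fi
  done
  return 1
}

# Split the product version into major and minor. Testing the second field
# alone reports N/A on every release whose version no longer starts with
# "10." (for example 11.x), which would silently disable the audit there.
IFS=. read -r os_major os_minor _ <<<"$(sw_vers -productVersion)"
[[ "$os_major" =~ ^[0-9]+$ ]] || os_major=0
[[ "$os_minor" =~ ^[0-9]+$ ]] || os_minor=0
# Force base 10 so a leading zero is not read as octal.
os_major=$((10#$os_major))
os_minor=$((10#$os_minor))

# 10.12 and earlier (or an unreadable version string): nothing to report.
if ((os_major < 10 || (os_major == 10 && os_minor <= 12))); then
  echo "<result>N/A</result>"
  exit 0
fi

# Generate the list of users that do not have a secure token.
while IFS= read -r username; do
  [[ -n "$username" ]] || continue
  if is_excepted "$username"; then
    continue
  fi

  # stderr is captured together with stdout, as in the original check.
  # stdin comes from /dev/null so the command cannot consume the user list
  # that feeds this loop.
  token_status=$(sysadminctl -secureTokenStatus "$username" 2>&1 </dev/null)

  # Any output without ENABLED, including an error from sysadminctl, puts
  # the account on the list: a failed check is reported, not hidden.
  if [[ "$token_status" != *ENABLED* ]]; then
    list+=("$username")
  fi
done < <(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }')

# Prints the array's list contents
echo "<result>${list[*]}</result>"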