Create_User_Account_jamfbinary.jss.zsh
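#!/bin/zsh
#
# Creates a local user account with the Jamf binary (`jamf createAccount`),
# then prints Secure Token and volume-owner information so the result can be
# reviewed in the policy log.
#
# Jamf script parameters:
#   $4   account short name                      (default: lapsadmin)
#   $5   real (display) name                     (default: LAPS Admin)
#   $6   password, cleartext                     (required)
#   $7   "yes" to add the account to admin       (default: no)
#   $8   "yes" to create a hidden account        (default: yes)
#   $9   "yes" to pass -secureTokenAllowed       (default: yes)
#   $10  path to the login-window picture        (default: Zen.heic)
#   $11  createHomeDir                           (default: no; read but unused)
#
# Security notes:
#   * $6 is handed to `jamf createAccount -password`, so the cleartext value is
#     part of that process's argument list while it runs and is also stored as
#     a script parameter on the Jamf side. The same value reaches every computer
#     that runs the policy; treat it as a bootstrap secret
#     (NOTE(review): presumably rotated by a LAPS workflow afterwards - confirm).
#   * The usage text at the bottom of this file lists `-passhash` as an
#     alternative to `-password`; the hash format is not shown here.
#   * Never echo $passcode, and do not enable `set -x` in production: tracing
#     would write the password into the policy log.

SCRIPTNAME=$(/usr/bin/basename "$0")
SCRIPTDIR=$(/usr/bin/dirname "$0")

# Jamf JSS Parameters 1 through 3 are predefined as mount point, computer name, and username
pathToScript=$0
mountPoint=$1
computerName=$2
userName=$3

echo "pathToScript=$pathToScript"
echo "mountPoint=$mountPoint"
echo "computerName=$computerName"
echo "userName=$userName"

# set -x   # debugging only: the trace would include the password argument

# New user account details.
NewAccount="${4:-lapsadmin}"
RealName="${5:-LAPS Admin}"
# passhash="${6}"
passcode="${6}"
admin="${7:-no}"
hidden="${8:-yes}"
secureTokenAllowed="${9:-yes}"
Picture="${10:-/Library/User Pictures/Nature/Zen.heic}"
createHomeDir="${11:-no}"   # parsed for completeness; nothing below reads it

# Returns 0 only when $1 is exactly "yes" (any letter case).
# A glob comparison is implicitly anchored, so values that merely contain
# "yes" (for example "eyes") can no longer switch on -admin or the other flags.
is_yes() {
  [[ "$1" == [Yy][Ee][Ss] ]]
}

# Refuse to create an account that would have an empty password.
if [[ -z "$passcode" ]]; then
  echo "ERROR: parameter 6 (password) is empty; refusing to create account $NewAccount." >&2
  exit 1
fi

# The short name is spliced into the hidden home path below and passed as an
# option value; reject names that would escape /private/var or look like a flag.
if [[ "$NewAccount" == -* || "$NewAccount" == */* ]]; then
  echo "ERROR: parameter 4 (account name) must not start with '-' or contain '/'." >&2
  exit 1
fi

# Optional flags are collected in an array. zsh does not word-split an
# unquoted scalar, so a space-separated string would reach jamf as a single
# argument; an array keeps every flag and value a separate word.
createAccountFlags=()

if is_yes "$secureTokenAllowed"; then
  createAccountFlags+=( -secureTokenAllowed )
fi

# make the account admin, if specified
if is_yes "$admin"; then
  createAccountFlags+=( -admin )
fi

# hide the account, if specified
if is_yes "$hidden"; then
  createAccountFlags+=( -hiddenUser -home "/private/var/$NewAccount" )
fi

# Apple-installed user photos have .heic or .tif file extensions.
# If "$Picture" does not exist, try the other extension. Only the trailing
# suffix is swapped (the previous sed expression replaced the first match
# anywhere in the path and treated "." as a wildcard).
if [[ ! -e "$Picture" ]]; then
  case "$Picture" in
    *.heic)
      PictureTif="${Picture%.heic}.tif"
      if [[ -e "$PictureTif" ]]; then
        Picture="$PictureTif"
      else
        Picture=""
      fi
      ;;
    *.tif)
      PictureHEIC="${Picture%.tif}.heic"
      if [[ -e "$PictureHEIC" ]]; then
        Picture="$PictureHEIC"
      else
        Picture=""
      fi
      ;;
    # Any other extension is left as given, exactly as before.
  esac
fi

# Assemble the command line once; -picture is added only when a picture path
# is still set. Argument order matches the original invocations.
createAccountArgs=(
  -stopConsoleLogs
  -verbose
  -username "$NewAccount"
  -realname "$RealName"
  -password "$passcode"
)
if [[ -n "$Picture" ]]; then
  createAccountArgs+=( -picture "$Picture" )
fi
createAccountArgs+=( -suppressSetupAssistant "${createAccountFlags[@]}" )

/usr/local/bin/jamf createAccount "${createAccountArgs[@]}"
# Keep the creation result so the policy reports it, rather than the status of
# the informational commands below (assumes jamf exits non-zero on failure).
createStatus=$?

# The commands below only report state; they do not change the account.
echo "Secure Token Status for $NewAccount:"
/usr/sbin/sysadminctl -secureTokenStatus "$NewAccount"
echo
echo "Current list of volume owners:"
/usr/bin/fdesetup list -extended
/usr/sbin/diskutil apfs listUsers /

exit "$createStatus"

# Reference only: never executed because of the exit above. The delimiter is
# quoted so nothing inside the text could ever be expanded.
: <<'JAMFHELP'
Usage: jamf createAccount -username <username> -realname <Real Name>
[-password <password>] [-prompt] [-passhash <passhash>] [-home </path/to/home/directory>]
[-hint <hint>] [-shell <shell>] [-picture <picture>]
[-admin] [-secureTokenAllowed] [-secureSSH] [-hiddenUser] [-networkUser] [-suppressSetupAssistant]
-username The user's user name
-realname The user's real name
-password The password of the user
-prompt prompts user to enter a password for the user account
-passhash The hashed password of the user
-home The location of the user's home directory
-hint The hint displayed to the user
-shell The user's default shell
-picture The user's picture for the Login window
-admin This flag adds the user to the admin group.
-secureTokenAllowed This flag allows the user account to be the first one on the computer that is granted a secure token.
-hiddenUser Creates an account with a UID under 500 and hides it
-networkUser Creates an account with a UID over 1025
-secureSSH Modifies the group com.apple.ssh_access to restrict access to only this user
-suppressSetupAssistant The Setup Assistant will not show on first login for this user
JAMFHELP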