Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/sh
# Useful if you don't have AD/LDAP binding configured for your Jamf macOS workstations and/or local usernames
# are not the same as your AD/LDAP user ID but you'd still like to scope policies based on AD/LDAP group
# membership.
# This script configures a scheduled task that runs every 30 minutes and does the following:
# - Grab the username from device location details (enrolled user) using the API
# - Feed the username into `jamf policy -username`
# Make sure to replace the value of apiUser and apiPass with a standard Jamf user account
# that has Auditor privileges at minimum.
# Create or update the script
cat <<- "EOF" > /usr/local/jamf/bin/getuserpolicy.sh
#!/bin/sh
# Polls Jamf API for computer owner then requests
# all policies for that username
# Variables
jssURL="https://<YOURDOMAIN>.jamfcloud.com/"
apiUser="<YOURAPIUSER>"
apiPass="<APIUSERPASS>"
SERIAL=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}')
USERINFO=$(curl -s -k ${jssURL}JSSResource/computers/serialnumber/${SERIAL}/subset/location -H "Accept: application/xml" --user "${apiUser}:${apiPass}")
USERNAME=$(echo $USERINFO | /usr/bin/awk -F'<username>|</username>' '{print $2}' | tr [A-Z] [a-z])
printf "%s %s\n" "Processing policy for user:" $USERNAME
/usr/local/jamf/bin/jamf policy -username $USERNAME
EOF
# Set script executable
chmod +x /usr/local/jamf/bin/getuserpolicy.sh
jamf scheduledTask -command "/usr/local/jamf/bin/getuserpolicy.sh" -name GetADUserPolicies -user root -runAtLoad -minute '*/30/'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.