Last active
January 29, 2020 02:11
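#!/bin/sh
# Useful if you don't have AD/LDAP binding configured for your Jamf macOS workstations and/or local usernames
# are not the same as your AD/LDAP user ID but you'd still like to scope policies based on AD/LDAP group
# membership.
#
# This script configures a scheduled task that runs every 30 minutes and does the following:
#  - Grab the username from device location details (enrolled user) using the API
#  - Feed the username into `jamf policy -username`
#
# Make sure to replace the value of apiUser and apiPass with a standard Jamf user account
# that has Auditor privileges at minimum.
#
# NOTE: the API password is stored in plaintext inside the generated script on
# every workstation this runs on. Use a dedicated read-only account for it, and
# keep the generated file readable by root only (enforced below).

set -eu

# Create or update the script. umask 077 makes the file private from the moment
# it is created, so the embedded password is never briefly world-readable.
umask 077
cat << 'EOF' > /usr/local/jamf/bin/getuserpolicy.sh
#!/bin/sh
# Polls Jamf API for computer owner then requests
# all policies for that username

# Variables
jssURL="https://<YOURDOMAIN>.jamfcloud.com/"
apiUser="<YOURAPIUSER>"
apiPass="<APIUSERPASS>"

SERIAL=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}')
if [ -z "$SERIAL" ]; then
  echo "Could not determine the serial number; aborting." >&2
  exit 1
fi

# Hand the credentials to curl on stdin (--config -) rather than with --user on
# the command line, where any local user could read them from the process list.
# Backslashes and double quotes are escaped for curl's quoted config syntax.
escapedCred=$(printf '%s' "${apiUser}:${apiPass}" | sed 's/[\\"]/\\&/g')

# TLS certificate verification stays enabled (no -k): this request carries the
# API password and its answer decides which policies run as root, so an
# unverified server must not be trusted. For a server with a private CA, point
# curl at that CA with --cacert instead of disabling verification.
# --fail turns HTTP errors (e.g. 401) into a non-zero exit instead of a body.
USERINFO=$(printf 'user = "%s"\n' "$escapedCred" |
  curl -s --fail --config - -H "Accept: application/xml" \
    "${jssURL}JSSResource/computers/serialnumber/${SERIAL}/subset/location") || {
  echo "Jamf API request failed; not running user policies." >&2
  exit 1
}

# Take the first <username> element and lower-case it.
USERNAME=$(printf '%s\n' "$USERINFO" |
  /usr/bin/awk -F'<username>|</username>' 'NF > 1 { print $2; exit }' |
  tr '[:upper:]' '[:lower:]')

# The value comes from a network response: refuse empty values, values that
# would be parsed as an option, and values containing whitespace.
case "$USERNAME" in
  '' | -* | *[[:space:]]*)
    echo "No usable username returned for ${SERIAL}; skipping." >&2
    exit 1
    ;;
esac

printf "%s %s\n" "Processing policy for user:" "$USERNAME"
/usr/local/jamf/bin/jamf policy -username "$USERNAME"
EOF

# Root-only: the file holds the API password and is executed as root.
chown root:wheel /usr/local/jamf/bin/getuserpolicy.sh
chmod 700 /usr/local/jamf/bin/getuserpolicy.sh

/usr/local/jamf/bin/jamf scheduledTask -command "/usr/local/jamf/bin/getuserpolicy.sh" -name GetADUserPolicies -user root -runAtLoad -minute '*/30/'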