Skip to content

Instantly share code, notes, and snippets.

Last active January 29, 2020 02:11
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
# Useful if you don't have AD/LDAP binding configured for your Jamf macOS workstations and/or local usernames
# are not the same as your AD/LDAP user ID but you'd still like to scope policies based on AD/LDAP group
# membership.
# This script configures a scheduled task that runs every 30 minutes and does the following:
# - Grab the username from device location details (enrolled user) using the API
# - Feed the username into `jamf policy -username`
# Make sure to replace the value of apiUser and apiPass with a standard Jamf user account
# that has Auditor privileges at minimum.
# Create or update the script
cat <<- "EOF" > /usr/local/jamf/bin/
# Polls Jamf API for computer owner then requests
# all policies for that username
# Variables
SERIAL=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}')
USERINFO=$(curl -s -k ${jssURL}JSSResource/computers/serialnumber/${SERIAL}/subset/location -H "Accept: application/xml" --user "${apiUser}:${apiPass}")
USERNAME=$(echo $USERINFO | /usr/bin/awk -F'<username>|</username>' '{print $2}' | tr [A-Z] [a-z])
printf "%s %s\n" "Processing policy for user:" $USERNAME
/usr/local/jamf/bin/jamf policy -username $USERNAME
# Set script executable
chmod +x /usr/local/jamf/bin/
jamf scheduledTask -command "/usr/local/jamf/bin/" -name GetADUserPolicies -user root -runAtLoad -minute '*/30/'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment