add AdPassMonHelper.sh - run at login to configure and launch ADPassM…

…on (bentoms fork) for AD users. minor changes and fixes to superecon.sh
Montana · Jun 4, 2015 · dbb245f · dbb245f
1 parent da2428e
commit dbb245f
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 5 deletions.
diff --git a/ADPassMonHelper/ADPassMonHelper.sh b/ADPassMonHelper/ADPassMonHelper.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# ADPassMonHelper.sh
+#
+# run on casper login trigger, check if user is AD
+# writes adpassmon prefs and launches ADPassMon if so.
+#
+# macmule's fork - https://macmule.com/2014/04/01/announcing-adpassmon-v2-fork/
+# 
+
+adpassmon="/Applications/Utilities/ADPassMon.app"
+userloggedin="${3}"
+
+expireage=${4}
+passwordpolicytext="${5}"
+
+uniqueid=$(echo $(dscl . read /Users/${userloggedin} UniqueID 2> /dev/null | awk '{print $2}'))
+
+if [ -z "${uniqueid}" ] || (( ${uniqueid} > 1000 )) # if user doesn't exist in localds, or uid is > 1000 - network user
+then
+	echo "${userloggedin} is an AD account" 
+	if [ -f "${adpassmon}/Contents/MacOS/ADPassMon" ]
+	then
+		echo "writing ADPassMon preferences ..."
+		sudo -u ${userloggedin} defaults write org.pmbuko.ADPassMon expireAge -int ${expireage} 	
+		sudo -u ${userloggedin} defaults write org.pmbuko.ADPassMon pwPolicy -string "${passwordpolicytext}"
+		sudo -u ${userloggedin} defaults write org.pmbuko.ADPassMon selectedBehaviour -int 2
+		sudo -u ${userloggedin} defaults write org.pmbuko.ADPassMon prefsLocked -bool true
+		echo "launching ADPassMon ..."
+		sudo -u "${userloggedin}" "${adpassmon}/Contents/MacOS/ADPassMon" &
+	else
+		echo "ADPassMon is NOT installed, doing nothing"
+	fi
+else
+	echo "${userloggedin} is a local user, doing nothing"
+fi
+exit 0
diff --git a/FVHelper/FVHelper.png b/FVHelper/FVHelper.png
diff --git a/cfgScripts/cfguserShareAlias.sh b/cfgScripts/cfguserShareAlias.sh
@@ -53,4 +53,4 @@ then
 		${dockutil} --add "${target}" --display folder --view grid "${abshome}"
 	fi
 fi
-exit
+exit
diff --git a/superrecon.sh b/superrecon.sh
@@ -2,8 +2,7 @@
 #
 # superrecon2.sh
 #
-# scrape directory for user & location info - add it to recon (jss will now look up AD info, we don't need to)
-
+# scrape directory for user & location info
 
 userloggedin="$(who | grep console | awk '{print $1}')"
 adcheck=$(dscl . read /Users/${userloggedin} AuthenticationAuthority | grep LocalCachedUser)
@@ -12,11 +11,15 @@ if [ -z "${adcheck}" ]
 then
 	echo "superRecon - ${userloggedin} is a Local Account"
 	echo "------------------------------------------------------------------------"
-	jamf recon -endUsername "${userloggedin}" -position "Local Account"
+	jamf recon -endUsername "${userloggedin}" -position "Local Account" -realname "" -email "" -position "" -phone "" # blank out empty fields in jss.
 else
 	echo "supeRecon - ${userloggedin} is an AD Account"	
 	echo "------------------------------------------------------------------------"
-	jamf recon -endUsername "${userloggedin}"
+	userrealname=$(dscl . -read /Users/${userloggedin} original_realname 2> /dev/null | tail -1 | cut -d ' ' -f 2-)
+	useremail=$(dscl . -read /Users/${userloggedin} EMailAddress 2> /dev/null | cut -d ' ' -f 2-)
+	userposition=$(dscl . -read /Users/${userloggedin} JobTitle 2> /dev/null | tail -1 | cut -d ' ' -f 2-) # these keys may not be filed
+	userphone=$(dscl . -read /Users/${userloggedin} PhoneNumber 2> /dev/null | tail -1 | cut -c 2-)
+	jamf recon -endUsername "${userloggedin}" -realname "${userrealname}" -email "${useremail}" -position "${userposition}" -phone "${userphone}"
 fi
 
 exit 0
-Original file line number
+Diff line change
@@ Expand Up / @@ -53,4 +53,4 @@ then @@
     		${dockutil} --add "${target}" --display folder --view grid "${abshome}"
     	fi
     fi
-    exit
+    exit