search

joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
MIT License
382 stars 57 forks source link

[Enhancement] Add Account Detection To Extension Attributes #76

Closed rougegoat closed 1 year ago

rougegoat commented 2 years ago

It may be helpful to modify the extensions to check if the account set in LocalAdminAccount exists on the machine. There are situations where the account would either have never existed or been removed improperly. Adding a check could help IT track that. Napkin math but I think adding something like this at line 20 could do it

LocalAdminAccount=$(defaults read /Library/Managed\ Preferences/edu.psu.macoslaps.plist LocalAdminAccount)
checkUser=$(dseditgroup -o checkmember -m $LocalAdminAccount localaccounts | awk '{ print $1 }')

if [ "$LocalAdminAccount" == "" ] ; then
     echo "<result>Not Configured</result>"
elif [ "$checkUser" != "yes" ] ; then
     echo "<result>$LocalAdminAccount Not Present</result>"
elif [ -e $LAPS ] ; then
...
joshua-d-miller commented 2 years ago

I believe this is something that could be added to the extension attributes quite easily. I'll see what I can do.

joshua-d-miller commented 1 year ago

The extension attributes have been updated to reflect this change. Please let me know if you feel this is inadequate.