Grant Secure Token (Mac)
Versioning - This is the latest version.
1 | Grant Secure Token (Mac) | 1/11/2024 10:15:07 PM |
2 | Grant Secure Token (Mac) | 5/6/2024 9:34:45 AM |
Description
This fixlet uses an existing account with a secure token to grant a secure token to another account. Additionally, "secure parameters" are used to encrypt the passwords and securely transfer them to the endpoint.
If the granting user is not an administrator, they will be temporarily elevated for the duration of the script, and then returned to a standard user account.
Logs are written to /Library/Application Support/BigFix/BES Agent/__BESData/__Global/SWDDeployData/SWD_DeploymentResults.log
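An added example, not part of the original fixlet: because the script temporarily places a non-administrator granting user in the admin group, the deployment log can be audited for elevations that were never followed by the revert message. The helper name `unreverted_elevations` and the sample log (including the interrupted run) are constructed for illustration; the matched strings are the messages the action script below writes.

```shell
#!/bin/sh
# Added example (not the fixlet's own code). Audits SWD_DeploymentResults.log
# for runs where the granting user was elevated to admin but never returned.

# unreverted_elevations LOGFILE   (hypothetical helper name)
# Prints "action_id user" for every elevation with no later revert line.
unreverted_elevations() {
    awk '
        /^Action ID: / { action = $3; next }
        /^Granting user .* is NOT an administrator\. Temporarily elevating/ {
            pending[$3] = action; next
        }
        /^Returning .* to standard user$/ { delete pending[$2]; next }
        END { for (u in pending) print pending[u], u }
    ' "$1" | sort
}

# Constructed sample log: action 101 returns alice to a standard account,
# action 102 stops before carol is returned.
sample_log() {
    cat <<'EOF'

2024_05_06 09:34:45
Action ID: 101
Granting user alice has a secure token. Continuing...
Granting user alice is NOT an administrator. Temporarily elevating...
Returning alice to standard user
Target user bob has a secure token

2024_05_06 10:02:11
Action ID: 102
Granting user carol has a secure token. Continuing...
Granting user carol is NOT an administrator. Temporarily elevating...
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
unreverted_elevations "$tmp"   # prints: 102 carol
rm -f "$tmp"
```

On an endpoint, pass the log path given above as the argument; any user it reports should be checked against the admin group membership.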
Property Details
27341 | |
Production - Fully Tested and Ready for Production | |
Grant Secure Token (Mac) | |
BESC | |
Internal | |
1/11/2024 12:00:00 AM | |
macos, secure token, grant, secure, token, volume owner, mac | |
eg2428 on 5/6/2024 9:34:45 AM | |
eg2428 on 5/6/2024 9:34:45 AM | |
Relevance
mac of operating system
Actions
Action 1 (default)
Script Type
BigFix Action Script
parameter "mainSWDLogFolder" = "{parent folder of client folder of current site}/__Global/SWDDeployData"
folder create "{parameter "mainSWDLogFolder"}"
parameter "logFile" = "SWD_DeploymentResults.log"
parameter "logFolder" = "{parameter "mainSWDLogFolder"}"
wait sh -c "echo '' >> '{parameter "mainSWDLogFolder"}/{parameter "logFile"}'"
wait sh -c "echo $(date +%Y_%m_%d' '%T) >> '{parameter "mainSWDLogFolder"}/{parameter "logFile"}'"
wait sh -c "echo Action ID: {id of active action} >> '{parameter "mainSWDLogFolder"}/{parameter "logFile"}'"
delete __createfile
delete "__Download/broker.sh"
createfile until _end_
#!/bin/zsh
# Account names and passwords are substituted by BigFix when this file is created.
adminUser="{parameter "adminUser" of action}"
adminPass="{parameter "adminPass" of action}"
receiverUser="{parameter "receiverUser" of action}"
receiverPass="{parameter "receiverPass" of action}"
# The granting account must already hold a secure token.
precheck=$(sysadminctl -secureTokenStatus "$adminUser" 2>&1)
if [[ "$precheck" == *"ENABLED"* ]]; then
  echo "Granting user $adminUser has a secure token. Continuing..." >> "{parameter "logFolder"}/{parameter "logFile"}"
elif [[ "$precheck" == *"DISABLED"* ]]; then
  echo "Granting user $adminUser does not have a secure token" >> "{parameter "logFolder"}/{parameter "logFile"}"
  exit 1
else
  echo "Error checking $adminUser secure token status" >> "{parameter "logFolder"}/{parameter "logFile"}"
  exit 2
fi
# Substitute "-" for an empty password.
if [ -z "$adminPass" ]; then
  adminPass="-"
fi
if [ -z "$receiverPass" ]; then
  receiverPass="-"
fi
# Elevate the granting user only if it is not already in the admin group.
resetUser=false
if id -Gn "$adminUser" | grep -q -w admin; then
  echo "Granting user $adminUser is an administrator. Continuing..." >> "{parameter "logFolder"}/{parameter "logFile"}"
else
  echo "Granting user $adminUser is NOT an administrator. Temporarily elevating..." >> "{parameter "logFolder"}/{parameter "logFile"}"
  dscl . -merge /Groups/admin GroupMembership "$adminUser" >> "{parameter "logFolder"}/{parameter "logFile"}" 2>&1
  resetUser=true
fi
# Grant the secure token to the receiving user.
yes "" | sysadminctl -secureTokenOn "$receiverUser" -password "$receiverPass" -adminUser "$adminUser" -adminPassword "$adminPass" >> "{parameter "logFolder"}/{parameter "logFile"}" 2>&1
# Remove the temporary admin membership if it was added above.
if [ "$resetUser" = true ]; then
  echo "Returning $adminUser to standard user" >> "{parameter "logFolder"}/{parameter "logFile"}"
  dseditgroup -o edit -d "$adminUser" -t user admin >> "{parameter "logFolder"}/{parameter "logFile"}" 2>&1
fi
# Verify the result and report it through the exit code.
check=$(sysadminctl -secureTokenStatus "$receiverUser" 2>&1)
if [[ "$check" == *"ENABLED"* ]]; then
  echo "Target user $receiverUser has a secure token" >> "{parameter "logFolder"}/{parameter "logFile"}"
  exit 0
elif [[ "$check" == *"DISABLED"* ]]; then
  echo "Target user $receiverUser does not have a secure token" >> "{parameter "logFolder"}/{parameter "logFile"}"
  exit 1
else
  echo "Error checking $receiverUser secure token status" >> "{parameter "logFolder"}/{parameter "logFile"}"
  exit 2
fi
_end_
copy "__createfile" "__Download/broker.sh"
wait chmod +x "__Download/broker.sh"
wait /bin/zsh "__Download/broker.sh"
parameter "error" = "{exit code of action}"
delete __createfile
delete "__Download/broker.sh"
if {parameter "error" != "0"}
exit {parameter "error"}
endif
exit {parameter "error"}
Success Criteria
This action will be considered successful when all lines of the action script have completed successfully.
Comments
Grant Secure Token (Mac) refers to a process in macOS that enables a user account to access FileVault encryption keys, allowing for secure login and access to encrypted data. This feature is particularly important for managing user authentication and access control in enterprise environments or shared Mac systems. Granting Secure Tokens ensures that users can securely access their encrypted data while maintaining system security and integrity.