Has anyone had success auditing Configuration Profiles on macOS to include both device and user profiles? So far I have a recurring task setup to create an xml using system_profiler.
> #!/bin/sh
> system_profiler SPConfigurationProfileDataType -xml > "/Library/Application Support/BigFix/BES Agent/__BESData/__Global/__ConfigProfiles"
I then have an analysis which reports on this:
("Profile Name: " & (string "_name" of it) & " | Description: " & (string "spconfigprofile_description" of it) & " | Organization: " & (if (exists string "spconfigprofile_organization" whose (it != "") of it) then (string "spconfigprofile_organization" of it) ELSE "N/A") & " | Identifier: " & (string "spconfigprofile_profile_identifier" of it) & " | Install Date: " & (string "spconfigprofile_install_date" of it) & " | Removal Prohibited?: " & (string "spconfigprofile_RemovalDisallowed" of it)) of (dictionaries of values of arrays of values of entries of dictionaries of values of arrays of values of entries of dictionaries of values of arrays of files "/Library/Application Support/BigFix/BES Agent/__BESData/__Global/__ConfigProfiles")
The issue I am having is that the system_profiler command runs as root and therefore does not get user based profiles. Standard users need to be able to run system_profiler for this to occur.