
We have a standard management account that we use which is deployed during imaging and at enrollment. A request has been brought forth to add a second management account. The Local Accounts and Management Accounts payloads do not seem to have this feature built-in. It is worth noting that the second account that is needed to have SSH functionality enabled is being added via a Self Service policy that is initiated by the user performing the imaging/deployment of the client machine. This policy adds that user as an administrator and as a FileVault 2-enabled user. Has anyone else implemented a similar workflow? If so, do you mind sharing what steps you took?

Looking into this approach right now: http://magervalp.github.io/CreateUserPkg/



Many thanks, @cshepp11!


Hmmm, does anyone have a more streamlined approach? Perhaps via scripting? I should have added that this would be for OS X 10.11.5 deployments.


Couldn't you drop the package to create a user and then add them to the com.apple.access_ssh group in a postinstall?


Great, thanks @mike.pinto!



What about just simply adding a Files and Processes>Execute Command in the account creation policy?



sudo dseditgroup -o edit -t user -a <username> com.apple.access_ssh

And when I meant SSH access, I meant remote management! I added this as an Execute Command which did the trick.



sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users <username> -privs -all -restart -agent -menu
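
Added example, not part of any post in this thread: a package postinstall along the lines suggested above that adds an already-created account to com.apple.access_ssh, then confirms the membership. The account name `mgmt2` and the `ACCOUNT` and `DRY_RUN` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Package postinstall sketch: add an already-created account to the SSH access group.
# ACCOUNT, DRY_RUN and the default name "mgmt2" are assumptions for illustration.

SSH_GROUP="com.apple.access_ssh"

# Accept only plain short names, so a value pasted into a policy cannot
# smuggle in options or shell metacharacters.
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

grant_ssh_access() {
    user=$1
    valid_username "$user" || { echo "refusing username: $user" >&2; return 2; }
    if [ "${DRY_RUN:-0}" != 1 ]; then
        # The account must exist first (created by the earlier package or policy).
        id -u "$user" >/dev/null 2>&1 || { echo "no such account: $user" >&2; return 3; }
    fi
    # Same dseditgroup call as in the thread; no sudo, the installer normally runs postinstall as root.
    run dseditgroup -o edit -t user -a "$user" "$SSH_GROUP" || return 4
    if [ "${DRY_RUN:-0}" != 1 ]; then
        # Confirm the membership actually landed before reporting success.
        dseditgroup -o checkmember -m "$user" "$SSH_GROUP" >/dev/null || return 5
    fi
    return 0
}

# Only act when invoked as a package's postinstall script.
case "$0" in
    postinstall|*/postinstall) grant_ssh_access "${ACCOUNT:-mgmt2}" || exit 1 ;;
esac
```

Setting `DRY_RUN=1` prints the dseditgroup command instead of running it, which lets the script be checked on a machine that is not being imaged.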