Skip to main content

I found this script for deleting accounts below which works a treat.
However I work expect after a inventory update for Local User Accounts section in device record to be cleard also. But it still showing the delete accounts. Is there something I can add to the script or do to ensure this part of the device record get reset.

# Get a list of all user accounts
user_list=$(dscl . -list /Users | grep -v '^_')

# Specify the admin account(s) that you want to exclude
excluded_users=("admin1" "admin2" "root" "management account")

# Loop through the user list and delete user profiles except admin accounts
for user in $user_list; do
if [[ ! " ${excluded_users[@]} " =~ " ${user} " ]]; then
if [[ "$user" != "Shared" ]]; then # Exclude 'Shared' user
echo "Deleting user profile for: $user"
sudo sysadminctl -deleteUser "/Users/$user"
sudo rm -rf "/Users/$user"
fi
fi
done

You can try using the Jamf binary to delete the accounts instead.  Something like


JAMF=$( which jamf )

$JAMF deleteAccount -username "$user" -deleteHomeDirectory

should do it.

Are the folders being removed, and are you doing a inventory update after they are?
Try adding the line "sudo jamf Recon"  after the fi's:

fi
fi


sudo jamf Recon


done


If its just a inventory issue it might do it

Here is the script that I have used


#!/bin/bash

######################### WARNING - THIS SCRIPT IS DISTRUCTIVE ##########################
# This script deletes all users not currently logged in, or the Jamf Management account.#
#
# #
#########################################################################################

#Discover the logged in user, so we dont accidentally delete them
loggedInUser=$( ls -l /dev/console | awk '{print $3}')
#print logged in user
echo "$loggedInUser is currently logged in"

#Find Users, excluding selected Admin user, and System and Service Accounts
users=$( dscl . ls /Users | grep -v '_' | grep -v 'root' | grep -v 'daemon'| grep -v 'nobody'| grep -v 'AdminAcount'| grep -v $loggedInUser )

echo "Removing User Accounts"

for a in $users; do
#delete user
/usr/bin/dscl . delete /Users/$a > /dev/null 2>&1
echo "$a's user account has been removed"
#Delete User Home Folder
/bin/rm -rf /Users/"$a"
echo "$a's user home folder has been removed"
continue
done

echo "User accounts Removed Sucessfully"
exit 0

 

Here is the script that I have used


#!/bin/bash

######################### WARNING - THIS SCRIPT IS DISTRUCTIVE ##########################
# This script deletes all users not currently logged in, or the Jamf Management account.#
#
# #
#########################################################################################

#Discover the logged in user, so we dont accidentally delete them
loggedInUser=$( ls -l /dev/console | awk '{print $3}')
#print logged in user
echo "$loggedInUser is currently logged in"

#Find Users, excluding selected Admin user, and System and Service Accounts
users=$( dscl . ls /Users | grep -v '_' | grep -v 'root' | grep -v 'daemon'| grep -v 'nobody'| grep -v 'AdminAcount'| grep -v $loggedInUser )

echo "Removing User Accounts"

for a in $users; do
#delete user
/usr/bin/dscl . delete /Users/$a > /dev/null 2>&1
echo "$a's user account has been removed"
#Delete User Home Folder
/bin/rm -rf /Users/"$a"
echo "$a's user home folder has been removed"
continue
done

echo "User accounts Removed Sucessfully"
exit 0

 


@mickgrant thats really helpful one question how do exclude other admin accounts would it be this 


grep -v 'name of account goes here'|

Have you found this clear down the local user section in the device record?

Are the folders being removed, and are you doing a inventory update after they are?
Try adding the line "sudo jamf Recon"  after the fi's:

fi
fi


sudo jamf Recon


done


If its just a inventory issue it might do it


@SCCM I have done it outside the script but will give it a try I though it was also a recon issue.

@mickgrant thats really helpful one question how do exclude other admin accounts would it be this 


grep -v 'name of account goes here'|

Have you found this clear down the local user section in the device record?


@mickgrant I think I have something working thanks again 😀

@mickgrant thats really helpful one question how do exclude other admin accounts would it be this 


grep -v 'name of account goes here'|

Have you found this clear down the local user section in the device record?


Yes that's exactly how to do it.

Is anyone aware of any reasons that an account can't always be deleted?

I have a shell script that tries to delete an account once the account is at least x minutes old. I've tried to delete the account with sysadminctl -deleteUser and jamf -deleteAccount. Sometimes it works, sometimes it doesn't.


I've also tried Delete Account under the local accounts section in a policy instead of running my script from the policy. Same iffy results. And the same iffy results if I run the script through a launchdaemon on the machine.


The error from Delete Account or jamf -deleteAccount isn't very helpful (even with -verbose).



  1. Executing Policy EUC Admin Removal

  2. Attempting to delete user eucadmin…

  3. Unable to delete user eucadmin


...that's it. 😕😕


BUT! If I run my script directly (with sudo) on the machine it seems to work all the time.


I thought it might be a background process running under the account to be deleted holding it up, but same results after a restart. Sometimes it works, sometimes it doesn't.

Is anyone aware of any reasons that an account can't always be deleted?

I have a shell script that tries to delete an account once the account is at least x minutes old. I've tried to delete the account with sysadminctl -deleteUser and jamf -deleteAccount. Sometimes it works, sometimes it doesn't.


I've also tried Delete Account under the local accounts section in a policy instead of running my script from the policy. Same iffy results. And the same iffy results if I run the script through a launchdaemon on the machine.


The error from Delete Account or jamf -deleteAccount isn't very helpful (even with -verbose).



  1. Executing Policy EUC Admin Removal

  2. Attempting to delete user eucadmin…

  3. Unable to delete user eucadmin


...that's it. 😕😕


BUT! If I run my script directly (with sudo) on the machine it seems to work all the time.


I thought it might be a background process running under the account to be deleted holding it up, but same results after a restart. Sometimes it works, sometimes it doesn't.


If memory serves, there must always be an admin account with a Secure Auth Token on the machine if you are deleting another account.  Would your script above be clearing out the last admin account present on the machine?

If memory serves, there must always be an admin account with a Secure Auth Token on the machine if you are deleting another account.  Would your script above be clearing out the last admin account present on the machine?


Good thought… I know the jamf management account doesn’t get a secure token by default, and I checked the other admin account on the machine, and it doesn’t have a secure token either.

I think this may be the issue.

________________________________

This message may contain confidential information and is intended for specific recipients unless explicitly noted otherwise. If you have reason to believe you are not an intended recipient of this message, please delete it and notify the sender. This message may not represent the opinion of Intercontinental Exchange, Inc. (ICE), its subsidiaries or affiliates, and does not constitute a contract or guarantee. Unencrypted electronic mail is not secure and the recipient of this message is expected to provide safeguards from viruses and pursue alternate means of communication where privacy or a binding message is desired.

Reply


Terms & ConditionsCookie settings