How familiar are you with Perl? I use perl to do this and check against the name of the account. this could help in your scenario where the account UIDs are flipped. . . if you were checking against account name it should be 100% every time.

The first script will look for any users equal or above a UID 501 except for "Company Admin" and below a UID of 1000 so local user's only.

I have that set in an array called localuser. Then have a for loop go through the remaining users and remove the access.

#!/bin/sh

    IFS=$'
'
        declare -a localusers=($(dscl . list /Users UniqueID | grep -v company admin | awk '$2 >= 501 && $2 < 1000 {print $1}'))
    unset IFS

    for i in "${localusers[@]}"
        do          
            /usr/sbin/dseditgroup -o edit -d $i -t user admin

        done

The second will target the specific user on the system. I have added an if statement within the for loop looking just for that username.

#!/bin/sh

    IFS=$'
'
        declare -a localusers=($(dscl . list /Users UniqueID | grep -v company admin | awk '$2 >= 501 && $2 < 1000 {print $1}'))
    unset IFS

    for i in "${localusers[@]}"
        do          
            if [ $i == assigned user]; then
                /usr/sbin/dseditgroup -o edit -d $i -t user admin
            else
                echo "Not the droids we were looking for"
            fi      
        done

Update: I reread your original post and what you are looking for. I think this additional script hits closer to your goal.

#!/bin/sh

currentUser=$(ls -l /dev/console | awk '{ print $3 }')

      if [ $currentUser == "assigned user" ]; then
          /usr/sbin/dseditgroup -o edit -d $currentUser -t user admin
          exit 0
      else
          echo "Not the droids we were looking for"
          exit 1
      fi

I'm by no means scripting expert but I have used these or similar scripts with good success. I'm sure there are other ways to handle that task.

Last thing (Insert the TEST, TEST, TEST, TEST and TEST dialog here)

Hope these help Shaun

THAT looks exactly what i am looking for. I will try it and let you know the results but yes I want the script to target the user logged in at the time "current-user" but never target the "admin-user" account when it logs in. There are only two accounts per machine. :)

----------UPDATE-------------
I'm finding machines with other accounts as well so that I do not waste time, all I want to do is make any and all users other than "SIFI" (thats the only admin account that there needs to be) to be made a standard accounts only.

Using @ShaunRMiller83 script...This is what I am trying right now. The expected results would be any user currently logged in to a macbook other than user sifi should be demoted to standard.

!/bin/sh

currentUser=$(ls -l /dev/console | awk '{ print $3 }')

if [ $currentUser != "sifi" ]; then /usr/sbin/dseditgroup -o edit -d $currentUser -t user admin exit 0 else echo "Not the droids we were looking for" exit 1

fi

I get no errors however it does not demote any users.

WORKS LIKE A CHAMP! THANK YOU FOR THE ASSIST! :)

John