Does anyone know of a script to hide the admin account, and works with Casper Admin/Imaging?
Question
Hiding admin account
+3
+14For what it's worth, this makes the admin account hidden.
It's part of my imaging configuration with a priority of 3 with 'install on boot drive after imaging'.
https://github.com/MagerValp/CreateUserPkg
+7The IsHidden works for me. Be careful to not put a trailing slash at the end of the command.
dscl . create /Users/hiddenuser IsHidden 1will work.
dscl . create /Users/hiddenuser/ IsHidden 1will silently fail, from what I remember.
In addition, I normally do this to hide the admin's home folder:
chflags hidden /Users/hiddenuserYou could move the home folder somewhere like /var/home but I find it easier to simply hide the folder the Finder. If someone wants to poke around in the terminal and find the hidden user folder, that is on them. I have also found that some applications do not like home folders moved out of /Users/
+3@hzimmerman
I tried it, making a .sh file and running it on CasperAdmin, then Casper Imaging: fail
I tried it running on Casper Remote, and it failed. How are you typing the commands in shell?
@Abdiaziz: will try yours and get back to you
+31Hi Everyone,
You can use the JAMF binary as well to accomplish this. Also with the release of Yosemite I think Apple wants you to stay out of dscl and they introduced a new binary called sysadminctl which can create user accounts.
An example command for JAMF binary would be:
sudo jamf createAccount -username tlarkin -realname "Tom Larkin" -password "tac0sRGr8" -home /Users/tlarkin -shell /bin/bash -admin -hiddenUserI used to use the JAMF binary in post imaging scripts to create the user accounts for local admin usage and then use a policy in the JSS to rotate the password if necessary.
Unfortunately sysadminctl does not have a man page, but it has help output:
sysadminctl -help
2015-07-07 16:16:16.296 sysadminctl[9302:6022788] Usage: sysadminctl
-deleteUser <user name> [-secure || -keepHome]
-newPassword <new password> -oldPassword <old password> [-passwordHint <password hint>]
-resetPasswordFor <local user name> -newPassword <new password> [-passwordHint <password hint>]
-addUser <user name> [-fullName <full name>] [-UID <user ID>] [-password <user password>] [-hint <user hint>] [-home <full path to home>] [-admin] [-picture <full path to user image>]There is no -hidden swtich in sysadminctl though so I don't think it can be easily used to hide accounts.
https://support.apple.com/en-us/HT203998
I dont suppose there is a script created for this so we can just run it by clicking on it once to make it easy to do on multiple machines?
+9This is what I use from 10.6 to 10.11.3
sudo dscl . -create /Users/teacherlocal UniqueID 450
sudo dscl . -create /Users/teacherlocal PrimaryGroupID 80
sudo dscl . -create /Users/teacherlocal NFSHomeDirectory /var/teacherlocal
sudo dscl . -create /Users/teacherlocal UserShell /bin/bash
sudo dscl . -create /Users/teacherlocal RealName "teacherlocal"
sudo dscl . -passwd /Users/teacherlocal Sch00L
sudo mkdir /var/teacherlocal
sudo chown -R teacherlocal /var/teacherlocal
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool TRUE
hope it helps
+26check out this write up on the subject...not my work but it sounds intuitive enough:
https://babodee.wordpress.com/2017/10/05/sysadminctl-changes-in-10-13/
+4is there any script or extension attribute that checks if the management account is hidden or not ? I need it to create a smart group for the Mac that have visible management account.
+4I also need to hide a local user admin account. Does anyone have any other method for doing this besides dscl? Can the Jamf binary be used to hide an already existing account without creating a new one?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.