Help

Add hidden admin accounts (at imaging time & to existing Macs)

donmontalvo
Esteemed Contributor III

Posted on ‎05-21-2012 02:06 AM

We will be deploying some Macs to a group and they want us to add a couple hidden admin user accounts, with customized home directories. I was thinking we could manually create the accounts on a LAB Mac, then PKG each of them up separately.

We would use a preflight script within the PKG to create the account:

#!/bin/sh

HIDEME=adminuser1

/usr/sbin/jamf createAccount -username $HIDEME -realname $HIDEME 
-passhash xxxxxxxxxxx -home /private/var/$HIDEME -admin -hiddenUser

exit 0

...once preflight runs, the PKG would install the home directory with the correct owner:group as defined in the PKG.

Seems pretty straight forward...hoping there are no gotcha's doing this under Lion.

Thoughts?

PS, the reason we are using preflight script is so the PKG we create can be deployed manually (double-clicked) or pushed using ARD or Casper.

Don

--
https://donmontalvo.com
0 Kudos
Reply
2 REPLIES 2

jarednichols
Honored Contributor

Posted on ‎05-21-2012 05:03 AM

Why not just build out the home folder with the script?

0 Kudos
Reply

rockpapergoat
Contributor III

Posted on ‎05-21-2012 05:27 AM

not that this is the best way or anything, but i've used something like this in the past:

https://github.com/rockpapergoat/luggage/blob/master/admin_account_10.7/Makefile

it packs up the account plists and homedir. for 10.7, passwords are stored in the plist itself, so that's basically all you have to include. you can optionally use a post flight to kick directoryservice/opendirectoryd when you're done.

for one of my old clients, i managed this via puppet, rather than packaging and installing. puppet ensured the accounts existed, were hidden, and had mcx applied.

0 Kudos
Reply