Solved

Adding Additional Management Account for SSH Use


sepiemoini

We have a standard management account that we use which is deployed during imaging and at enrollment. A request has been brought forth to add a second management account. The Local Accounts and Management Accounts payloads do not seem to have this feature built-in. It is worth noting that the second account that is needed to have SSH functionality enabled is being added via a Self Service policy that is initiated by the user performing the imaging/deployment of the client machine. This policy adds that user as an administrator and as a FileVault 2-enabled user. Has anyone else implemented a similar workflow? If so, do you mind sharing what steps you took?


5 replies

sepiemoini
  • Author
  • Employee
  • 180 replies
  • May 31, 2016

Looking into this approach right now: http://magervalp.github.io/CreateUserPkg/

Many thanks, @cshepp11!


sepiemoini
  • Author
  • Employee
  • 180 replies
  • May 31, 2016

Hmmm, does anyone have a more streamlined approach? Perhaps via scripting? I should have added that this would be for OS X 10.11.5 deployments.


  • Contributor
  • 42 replies
  • May 31, 2016

Couldn't you drop the package to create a user and then add them to the com.apple.access_ssh group in a postinstall?


sepiemoini
  • Author
  • Employee
  • 180 replies
  • Answer
  • May 31, 2016

Great, thanks @mike.pinto!

What about just simply adding a Files and Processes>Execute Command in the account creation policy?

sudo dseditgroup -o edit -t user -a <username> com.apple.access_ssh
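
The dseditgroup step from the answer above, written out as a policy script that validates the account name, skips the change when the user is already a member, and verifies the result. This is an added example, not part of the original post; the function names and the use of Jamf script parameter 4 for the account name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to run as root (Jamf policy script
# or pkg postinstall), so no sudo. Function names here are hypothetical.
SSH_GROUP="com.apple.access_ssh"

# True when dseditgroup reports the user as a member ("yes ..." on stdout).
is_ssh_member() {
    case "$(dseditgroup -o checkmember -m "$1" "$SSH_GROUP" 2>/dev/null)" in
        yes*) return 0 ;;
        *)    return 1 ;;
    esac
}

grant_ssh_access() {
    user="$1"
    # Accept only a conservative character set; a leading "-" would be read
    # by dseditgroup as an option rather than a name.
    case "$user" in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "refusing invalid username" >&2; return 2 ;;
    esac
    # Do not add a name that has no local account behind it.
    if ! id "$user" >/dev/null 2>&1; then
        echo "no such user: $user" >&2; return 3
    fi
    # Idempotent: re-running the policy changes nothing.
    if is_ssh_member "$user"; then
        echo "$user already in $SSH_GROUP"; return 0
    fi
    # Same command as in the post above, minus sudo.
    if ! dseditgroup -o edit -t user -a "$user" "$SSH_GROUP"; then
        echo "could not edit $SSH_GROUP" >&2; return 4
    fi
    # Confirm the change instead of trusting the exit status alone.
    if ! is_ssh_member "$user"; then
        echo "$user still not in $SSH_GROUP" >&2; return 5
    fi
    echo "$user added to $SSH_GROUP"
}

# Jamf passes script parameters from $4 onward; parameter 4 is assumed to
# carry the account name.
if [ -n "${4:-}" ]; then
    grant_ssh_access "$4"
fi
```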

sepiemoini
  • Author
  • Employee
  • 180 replies
  • May 31, 2016

And when I meant SSH access, I meant remote management! I added this as an Execute Command which did the trick.

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users <username> -privs -all -restart -agent -menu
