Posted on 05-31-2016 08:23 AM
We have a standard management account that we use which is deployed during imaging and at enrollment. A request has been brought forth to add a second management account. The Local Accounts and Management Accounts payloads do not seem to have this feature built-in. It is worth noting that the second account that is needed to have SSH functionality enabled is being added via a Self Service policy that is initiated by the user performing the imaging/deployment of the client machine. This policy adds that user as an administrator and as a FileVault 2-enabled user. Has anyone else implemented a similar workflow? If so, do you mind sharing what steps you took?
Posted on 05-31-2016 09:58 AM
Great, thanks @mike.pinto!
What about just simply adding a Files and Processes>Execute Command in the account creation policy?
sudo dseditgroup -o edit -t user -a <username> com.apple.access_ssh
Posted on 05-31-2016 11:01 AM
And when I meant SSH access, I meant remote management! I added this as an Execute Command which did the trick.
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users <username> -privs -all -restart -agent -menu
Posted on 05-31-2016 08:52 AM
Looking into this approach right now: http://magervalp.github.io/CreateUserPkg/
Many thanks, @cshepp11!
Posted on 05-31-2016 09:02 AM
Hmmm, does anyone have a more streamlined approach? Perhaps via scripting? I should have added that this would be for OS X 10.11.5 deployments.
Posted on 05-31-2016 09:28 AM
Couldn't you drop the package to create a user and then add them to the com.apple.access_ssh group in a postinstall?
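The two Execute Command lines discussed in this thread can also be run as a single policy script that validates the account name first. This is an added example, not code from any poster. It assumes the account short name arrives in Jamf script parameter `$4`; the helper names `valid_username`, `run` and `grant_remote_access` are hypothetical.

```shell
#!/bin/bash
# Added example. Jamf runs policy scripts as root, so sudo is not needed.
# Assumption: $4 holds the short name of the second account.
# DRY_RUN=1 (the default) prints the commands instead of executing them.

SSH_GROUP="com.apple.access_ssh"
KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"

# Accept only plain short names, so the value cannot carry shell or option syntax.
valid_username() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the command in dry-run mode; execute it only when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

grant_remote_access() {
    local user="$1"
    valid_username "$user" || { echo "rejected username: $user" >&2; return 2; }
    # Refuse accounts that do not exist on this Mac (check skipped in dry-run).
    if [ "${DRY_RUN:-1}" != "1" ] && ! id "$user" >/dev/null 2>&1; then
        echo "no such user: $user" >&2
        return 3
    fi
    # SSH access group, as in the thread.
    run dseditgroup -o edit -t user -a "$user" "$SSH_GROUP" || return 4
    # Remote management with -privs -all, as in the thread; kickstart also accepts narrower privilege lists.
    run "$KICKSTART" -activate -configure -access -on -users "$user" \
        -privs -all -restart -agent -menu || return 5
    # Report whether the user is now a member of the SSH access group.
    run dseditgroup -o checkmember -m "$user" "$SSH_GROUP"
}

# Jamf passes custom parameters starting at $4; do nothing when it is absent.
if [ "$#" -ge 4 ]; then grant_remote_access "$4"; fi
```

Set `DRY_RUN=0` in the policy once the printed commands look right for the target account.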