We have a standard management account that we use which is deployed during imaging and at enrollment. A request has been brought forth to add a second management account. The Local Accounts and Management Accounts payloads do not seem to have this feature built-in. It is worth noting that the second account that is needed to have SSH functionality enabled is being added via a Self Service policy that is initiated by the user performing the imaging/deployment of the client machine. This policy adds that user as an administrator and as a FileVault 2-enabled user. Has anyone else implemented a similar workflow? If so, do you mind sharing what steps you took?
Solved
Adding Additional Management Account for SSH Use
Best answer by sepiemoini
Great, thanks @mike.pinto!
What about just simply adding a Files and Processes>Execute Command in the account creation policy?
sudo dseditgroup -o edit -t user -a <username> com.apple.access_ssh
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.