Auto Login Local User

anverhousseini
Contributor II
Contributor II

Hi

A question: How can I deploy to turn on automatic login for a local user. I found in a other discussion this script but I cant get this working: http://www.brock-family.org/gavin/perl/kcpassword.html

What do I have to do to enable the automatic login? I'm a bit confused with this script.

Thank you!

1 ACCEPTED SOLUTION

blindcola
New Contributor III

There are two methods depending on if the account is already present or new. New accounts are easy. Use the CreateUserPkg application to set up your user, the auto login function is working. Make sure to change the user ID number. Once you have your user set up the way you want it to appear on all your devices, say a lab or cart. Click save package, you get a .pkg file that can be deployed via a casper policy. There is a catch with this when using the auto login function, it has to be run as a start up item and requires a restart immediately after. Once the system restarts it will log right into the new account. Check out the following links for this method.
http://magervalp.github.io/CreateUserPkg/
You also should check out this on for disabling the icloud pop up
https://derflounder.wordpress.com/2014/11/18/automatically-suppressing-the-icloud-and-diagnostics-pop-up-windows-with-casper/

If the account already exits, and you don't want to delete the account on a fleet of computers. Create a user on a fresh system with the exact same name and password. Turn on auto login for that user and grab the kcpassword file at /private/etc/ and user composer to create an installer for that file. In casper create a policy to deploy your kcpassword file, set it to restart, and under files and processes run defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser "your user name"

Hope that helps!

View solution in original post

17 REPLIES 17

Reno
New Contributor III

A colleague recently got this working. I believe he found that populating the kcpassword file and plist entries worked only as a startup task.

blindcola
New Contributor III

There are two methods depending on if the account is already present or new. New accounts are easy. Use the CreateUserPkg application to set up your user, the auto login function is working. Make sure to change the user ID number. Once you have your user set up the way you want it to appear on all your devices, say a lab or cart. Click save package, you get a .pkg file that can be deployed via a casper policy. There is a catch with this when using the auto login function, it has to be run as a start up item and requires a restart immediately after. Once the system restarts it will log right into the new account. Check out the following links for this method.
http://magervalp.github.io/CreateUserPkg/
You also should check out this on for disabling the icloud pop up
https://derflounder.wordpress.com/2014/11/18/automatically-suppressing-the-icloud-and-diagnostics-pop-up-windows-with-casper/

If the account already exits, and you don't want to delete the account on a fleet of computers. Create a user on a fresh system with the exact same name and password. Turn on auto login for that user and grab the kcpassword file at /private/etc/ and user composer to create an installer for that file. In casper create a policy to deploy your kcpassword file, set it to restart, and under files and processes run defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser "your user name"

Hope that helps!

View solution in original post

anverhousseini
Contributor II
Contributor II

Hi blindcola

I could deploy the kcpassword file and run this command and now it works. Thank you!

JayDuff
Contributor II

Does anyone know if CreateUserPkg works with Sierra? I tried it, and am getting an error about not finding a keychain, and a looping error about macOS needing to repair the Library to run applications.

Development has ceased, with 10.9 being the last supported OS.

Is there a replacement?

Is there another way to do this (Create a new user, set it to auto-login, and save it as a pkg, so it can be deployed as part of a config in Imaging) in Sierra?

bentoms
Honored Contributor III
Honored Contributor III

@JayDuff It does still work, in my limited testing.

JayDuff
Contributor II

@bentoms

@JayDuff It does still work, in my limited testing.

I'm interested to hear about your environment. I tried to use it with an otherwise-stock AutoDMG-created Sierra image, and I got a nasty error loop. It kept asking for the password to unlock a keychain, and saying a keychain was not found.

sdagley
Honored Contributor II

@JayDuff The behavior you describe is often due to using an AD login but not having the option to create a mobile account at login enabled, but I don't understand why that would be a problem with a user being created with CreateUserPkg.

JayDuff
Contributor II

@sdagley Thanks for weighing in.

We do have AD in use here, but the Macs aren't bound to it. We only use it for logging into storage, authenticating to our copiers, and getting onto the BYOD network. Also, the account created is not on AD (it's called "Default").

I was thinking there could be a conflict with the management account being created by Casper, but I tried with a different User ID (505), and checked the install after imaging box, and that got it! But it didn't auto-logon for some reason, and it is asking for iCloud and Siri, even though I've manually installed a .AppleSetupDone file from a computer that has already answered those questions. That's a separate issue.

I think checking the Install After Imaging box made the difference for the account. So, yeah - CreateUserPkg works, except the Auto Login.

JayDuff
Contributor II

I was able to get everything working! I used CreateUsrPkg to create the user. The Autologin didn't work, but I put a script into the JSS that's essentially a one-liner:

#/bin/bash

defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser default

exit 0

Then I brought this script into the JSS.

I added both of the scripts to the Configuration, in Casper Admin, setting them to run After Reboot, and BINGO!

tim_rees
Contributor

I know this post has been dead for a while...

I have the setting, and kcpassword file deploying fine on a Macbook Pro - 10.13.5 - as part of my post-DEP workflow, but it isn't working on an iMac with the exact same set up...

Anyone else seeing this? Anyone have any ideas?

Tim

dtmille2
Contributor II

I'm interested in a working solution for this as well. Anyone currently able to automatically enable auto login for a local user in a 10.13, DEP or Netinstall workflow?

tnielsen
Valued Contributor

dtmille2, I'm currently stuck here as well.

I really don't want to make the techs login as local administrator to finalize a "zero touch" process.

benk
New Contributor

dtmille2 & tnielsen

The way i got this to work in 10.14, was to use a Computer PreStage Enrollment to create my local admin user.

859d36fff6384fcab1a22fe95ccf3c8f

I then used pycreateuserpkg cli to create the exact same user with autologin set with the command switch, and deployed that identical user as a pkg.
https://github.com/gregneagle/pycreateuserpkg

My cli looked something like this.
$createuserpkgbinarypath/createuserpkg -n $orgname_autologin -f $Orgname AutoLogin Account -u 501 -p $Password -H /Users/$orgname_autologin --admin --autologin --hidden --version=1.0.0 --identifier=$OrgnameAutologinpkg /Users/$User/Documents/cccbautologin.pkg

That worked for me to get near-Zero touch provisioning working for us. In our case we need to install all applications/configurations, bind to AD before handing the device to the end user. (We have a 20GB Parallels Windows VM to install for most users)

KyleEricson
Valued Contributor

@benk Is the -u always 501? Are you still using this method on 10.14+?

cwaldrip
Valued Contributor

@kericson I just tried @benk 's method on a 10.15 machine. The first user account is going to be 501, unless you've specified it with something else (used pycreateuser to create a different account with a different UID or created a hidden user account, etc). In my case we use 503 (you could use 550 or something else that's at least higher than the first few 500's to be safe).

msw-sa
New Contributor III

thanks @benk — this same process worked perfectly for me on Big Sur as well. Created a local user with a policy, then installed a package of the same user. So far have only tested installing the package manually, not from JAMF, but so far looks good.

brunerd
Contributor

I made a couple scripts to do this without deprecated scripting dependencies (Python/perl/Ruby) and without needing to create a package either: setAutomaticLogin.jamf.sh (use in a jamf policy) and setAutomaticLogin.sh (standalone)

I talk a bit more about them here: Automating automatic login for macOS

The account will need to exist before running the script, as it'll check and also verify the password is correct. Hope this helps make things easier for folks!