Skip to main content
Question

Automatically make Mobile Accounts Admins

  • August 31, 2018
  • 1 reply
  • 0 views
L
Forum|alt.badge.img+6

Hello all!

I'm looking to set Mobile Accounts to be administrators from the get go, before they've even been created. As default Mobile Accounts are set to standard, i'd like created mobile accounts to obtain administrator capabilities as default (if possible).

I've had a look at the following script from an old discussion: https://www.jamf.com/jamf-nation/discussions/7021/scripting-the-creation-of-ad-mobile-accounts-in-os-x

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n dscl . -append /Groups/admin GroupMembership $4

This doesn't appear to run in High Sierra for me, not sure if it relates more to scripting the creation of mobile accounts. I'm happy for the mobile account to be created on login as they currently are, i just want the users to automatically be an admin.

Any thoughts or help appreciated.

    1 reply

    mm2270
    Forum|alt.badge.img+16
    • mm2270
    • Legendary Contributor
    • 7880 replies
    • August 31, 2018

    That command won't work. The -n flag expects to get a username for an account that exists in Active Directory, not a command like what you have there. Unless that was supposed to be a second command on it's own line. Even if it was, you need to specify a username with -n when using the createmobileaccount

    As for then making that account a local admin, you will want to use the dseditgroup command. dscl shouldn't really be used any more for changing admin status and even group memberships on accounts. It's still useful for other things, but I would not use it anymore for changing admin status.

    Example with dseditgroup:

    dseditgroup -o edit -a <username> admin

    The above requires root or sudo to work, but if it's done from a script running in a policy, that's taken care of.

    You can check the admin status of the account after the command above is run with:

    dseditgroup -o checkmember -m <username> admin

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings