Best way to create hidden admin account [branch off old thread]

donmontalvo
Esteemed Contributor II

I didn't want to hijack @johnklimeck's thread:

https://jamfnation.jamfsoftware.com/discussion.html?id=6438

So here's a related issue...users who disable our hidden local admin account (not our hidden Casper management account). Aside from tracking/reporting these incidents, we need a way for Casper to recreate the account. Another twist is to remove the hiddenadmin user home directory if it happens to be in /Users.

Three commands are needed:

sudo dscl . delete /Users/hiddenadmin ;

sudo rm -Rf /Users/hiddenadmin ;

sudo jamf createAccount -username hiddenadmin -password xxxxxxxx -shell /bin/bash -admin -hiddenuser -home /private/var/hiddenadmin

Admittedly this is a BFH, but it's the only surefire way to ensure the account is always enabled. No issue with deleting the home directory, since nothing should be stored there anyways; no issue in blasting the account from dscl since it's a local account and we can't risk the account existing (with an unknown password); and the jamf binary is certainly the easiest way to create the hidden admin account with all the attributes we want.

But...we'd like to build some logic into the command. This way if dscl does not show the hidden admin account, skip to the next command...if there is no visible home directory skip to the last command.

Would the logic be overkill?

Don

--
https://donmontalvo.com
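
The skip logic asked about in the post above, as an added example that is not part of the original thread. It assumes the script runs as root from a Casper policy (so `sudo` is omitted); `ADMIN_PASS`, `USERS_DIR`, the function names and the `--run` argument are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example: conditional form of the three commands from the post.
# Assumed names (not from the thread): ADMIN_PASS, USERS_DIR, function names.

ADMIN_USER="hiddenadmin"
ADMIN_HOME="/private/var/hiddenadmin"
USERS_DIR="${USERS_DIR:-/Users}"   # overridable so the logic can be tested

# True if the local directory node has a record for the account.
account_exists() {
    dscl . -read "/Users/$ADMIN_USER" >/dev/null 2>&1
}

# True if a visible home directory for the account sits under /Users.
visible_home_exists() {
    [ -d "$USERS_DIR/$ADMIN_USER" ]
}

reset_hidden_admin() {
    # Check the password first: never delete an account we cannot recreate.
    if [ -z "${ADMIN_PASS:-}" ]; then
        echo "ADMIN_PASS not set; leaving the account untouched" >&2
        return 2
    fi

    # Step 1: remove the record only if dscl shows one.
    if account_exists; then
        dscl . -delete "/Users/$ADMIN_USER" || return 1
        echo "deleted-record"
    fi

    # Step 2: remove the home only if it is visible under /Users.
    # ${VAR:?} aborts instead of expanding to a bare "/" if a variable is empty.
    if visible_home_exists; then
        rm -Rf "${USERS_DIR:?}/${ADMIN_USER:?}" || return 1
        echo "removed-home"
    fi

    # Step 3: always recreate, so the password is known afterwards.
    jamf createAccount -username "$ADMIN_USER" -password "$ADMIN_PASS" \
        -shell /bin/bash -admin -hiddenuser -home "$ADMIN_HOME" || return 1
    echo "created-account"
}

# Act only when asked, so the file can be sourced without side effects.
if [ "${1:-}" = "--run" ]; then
    reset_hidden_admin
fi
```

The `-password` value is visible in the process list while `jamf createAccount` runs, so supply `ADMIN_PASS` from a policy parameter rather than hard-coding it in the script.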
1 ACCEPTED SOLUTION

winningham_2
Contributor

I found the create hidden user to be valuable to me in this thread (Thanks @Don). However, in 10.8.4, the create account should also include a real name. For example:

sudo jamf createAccount -realname hiddenadmin -username hiddenadmin -password xxxxxxxx -shell /bin/bash -admin -hiddenuser -home /private/var/hiddenadmin

2 REPLIES

Matt
Valued Contributor

I package my 3 hidden users and some associated files with them and then do it all at imaging.