Big Sur: Deleting users after they have logged out

New Contributor

My team and I are trying to move away from DeepFreeze going forward with Big Sur but are kind of stumped on how to do it.

We work in a student lab with 200 Macs, so ultimately we want to delete the user's profile after the student has logged out. We used DeepFreeze because we granted all students admin privileges (required by the lab policy), and so with DeepFreeze all user changes were reverted, including the creation of the user profile. However, we found the slow updates from DeepFreeze as a company for each Mac OS release annoying, so we want to move away from it if possible.

A lot of old threads point to logout hooks, but those have been deprecated. Some have pointed to using Offset, but it doesn't seem to be updated for Big Sur, nor do we want to be dependent on a community script that is not properly maintained.

Has anyone successfully created a workflow to delete user profiles after a user logs out in Big Sur? Our last resort would be running a script when the lab closes to remove all user profiles, but that would only be a workaround for us.

Any tips/suggestions would be appreciated.



Hello, have you found a solution to this? I use a script that worked in Mojave. Our students log in with their AD credentials. When they log out, it deletes the home folder. Found that it would delete the contents first, then on the next logout from a user, it would delete the whole folder. Would specify which admin home directories to keep along with the root. That all being said, it does not work with Big Sur. Would be interested if you were able to find a solution.

New Contributor II

I moved my script to the startup trigger. Deletes all users except my local admin accounts on restart.

New Contributor II

@dross Could you share how you have done this?

New Contributor II

I run this script from a policy with the Startup trigger selected and ongoing frequency.

#!/bin/bash
# Name: remove-non-local-users
# Purpose: Removes all non-local accounts on machines to set Defaults.
# Will spare the 'fsadmin,' 'rduser,' 'fsa,' and 'Shared' home directories.
# -mindepth 1 keeps /Users itself out of the list.
users=$(find /Users -mindepth 1 -maxdepth 1 -type d | cut -d"/" -f3)
# you can edit this to remove only accounts that haven't logged in for x days: add '-mtime +<# of days>' after maxdepth

# Script #
for i in $users; do
    # Skip the accounts and folders that must be kept.
    if [[ $i = "fsadmin" ]] || [[ $i = "Shared" ]] || [[ $i = "rduser" ]] || [[ $i = "fsa" ]]; then
        continue
    fi
    # Delete the account record, then make sure the home folder is gone.
    jamf deleteAccount -username "$i" -deleteHomeDirectory
    chmod -Rf 777 "/Users/$i"
    rm -Rf "/Users/$i"
done
# Remove the student home directory but leave the account at the end.
#rm -Rf /Users/student
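
A more defensive way to choose what a startup cleanup like the one above removes, as an added example that is not part of the thread or the poster's script: it handles names with spaces, ignores hidden entries, plain files and symlinks, and defaults to a dry run. The function names and the `DRY_RUN` variable are assumptions made for this example; it covers only the home folders, so the `jamf deleteAccount` step would still be run per name.

```shell
#!/bin/bash
# Added example, not the poster's script. Function names and DRY_RUN are
# hypothetical; the keep list is passed as arguments.

# list_removable_homes ROOT KEEP...
# Prints, one per line, the directories directly under ROOT that are not
# on the keep list. Dot-entries are never matched by the glob.
list_removable_homes() {
    local root=$1 path name keep skip
    shift
    if [ ! -d "$root" ]; then return 1; fi
    for path in "$root"/*; do
        # Only real directories count as home folders: skip symlinks,
        # plain files and the literal pattern left by an empty ROOT.
        if [ -L "$path" ] || [ ! -d "$path" ]; then continue; fi
        name=${path##*/}
        skip=0
        for keep in "$@"; do
            if [ "$name" = "$keep" ]; then skip=1; fi
        done
        if [ "$skip" -eq 0 ]; then printf '%s\n' "$name"; fi
    done
    return 0
}

# remove_homes ROOT KEEP...
# Dry run unless DRY_RUN=0 is set, so a bad keep list shows up in the
# policy log before anything is deleted.
remove_homes() {
    local root=$1 name
    shift
    list_removable_homes "$root" "$@" | while IFS= read -r name; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "would remove: $root/$name"
        else
            # ${var:?} aborts instead of expanding to "/" or ROOT alone.
            rm -rf -- "${root:?}/${name:?}"
        fi
    done
}

# Usage on a lab Mac, with the keep list from the script above:
#   DRY_RUN=0 remove_homes /Users fsadmin rduser fsa Shared
```
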