Creating Local hidden admin account via policy

BenL
New Contributor III

This feels like i'm missing something simple but I can't put my finger on it. I'm trying to create a local hidden admin account via a policy. The directory we will say is /private/var/USERNAME. With that said, it's not creating the account it's returning a policy error. No issue creating non /private accounts. Any thoughts?

I currently have to deploy a hidden user with a directory and some key files. Yes I could probably do it with a script BUT I can't due to security reasons with the password. So the end results was to push the admin account then push the directory folders to it later.

1 ACCEPTED SOLUTION

stevewood
Honored Contributor II
Honored Contributor II

@BenL you can use CreateUserPKG (available in Mac App Store) to create a user that is an admin and with a UID below 500. Then a script to create the folders and set permissions properly. So a policy with the PKG and an After script would do the trick. Script could be as simple as:

#!/bin/sh

rm -rf /Path/To/User/Home/*
cp -R /System/Library/User Template/English.lproj/* /Path/To/User/Home/
chown -R <user>:staff /Path/To/User/Home/

View solution in original post

3 REPLIES 3

stevewood
Honored Contributor II
Honored Contributor II

@BenL you can use CreateUserPKG (available in Mac App Store) to create a user that is an admin and with a UID below 500. Then a script to create the folders and set permissions properly. So a policy with the PKG and an After script would do the trick. Script could be as simple as:

#!/bin/sh

rm -rf /Path/To/User/Home/*
cp -R /System/Library/User Template/English.lproj/* /Path/To/User/Home/
chown -R <user>:staff /Path/To/User/Home/

tthurman
Contributor III

You may be able to use JAMF's binary to do this.

sudo jamf createAccount

Regards,
TJ

BenL
New Contributor III

@stevewood Thanks Steve. I used the app. I was incorrectly told that it didn't work by someone else who tried it that way. I tried it, worked like a charm and I moved the files over. Thanks everyone.