Creating new local accounts

mconners
Valued Contributor

Hello Everyone,

We have all of our current systems set up to use mobile accounts. However, next week, we will be sending out, to a number of students, Mac laptops for the students to finish up their course work from home.

The question is, once the computer leaves our network, they won't be able to use the computer unless there is a local profile already created on the system.

Is there a way to convert or change our setup to allow for the student to create a new local user without being on our network?

Thoughts and guidance are most welcome as I am brainstorming solutions at this point. Thank you.

2 REPLIES

shaquir
Contributor III

Hi @mconners ,
I'm trying to get a better understanding of what you need. Are the students' accounts already created as Mobile Accounts on the computers that they'll be sent to?

If you are concerned about mobile accounts locking out, you can perform the below command to extend the days needed for the machine to authenticate to AD:

sudo dsconfigad -passInterval 0

If you'd like to have users be able to create accounts outside of your network, your best bet may be to look into a solution like Jamf Connect.

Alternatively, if you utilize DEP (highly recommend if you do not already), you could create a prestage enrollment and set Local User Account Type to Standard User.

mconners
Valued Contributor

Hello @shaquir, I think I found a way to accomplish what we are intending to do.

Essentially, we are going to remove the .AppleSetupDone file via a command to the computers. This policy is set up to force an immediate restart. When restarted, the setup assistant reruns. This time through, I modified our prestage enrollment to set up a local account and I removed the option to flush policies on enrollment.

This allows us to send the computers to the users and when the Mac is turned on, they are forced to create a new local account via the setup assistant which I modified using the prestage enrollment. This will be fine for the short term and when we get them back, we will wipe the computers and reset the prestage enrollment to skip account creation and ensure that policy flushing is reenabled on re-enrollment.