Jamf Nation Community

tdenton · ‎12-13-2023

I found this script for deleting accounts below which works a treat.
However I work expect after a inventory update for Local User Accounts section in device record to be cleard also. But it still showing the delete accounts. Is there something I can add to the script or do to ensure this part of the device record get reset.

# Get a list of all user accounts
user_list=$(dscl . -list /Users | grep -v '^_')

# Specify the admin account(s) that you want to exclude
excluded_users=("admin1" "admin2" "root" "management account")

# Loop through the user list and delete user profiles except admin accounts
for user in $user_list; do
if [[ ! " ${excluded_users[@]} " =~ " ${user} " ]]; then
if [[ "$user" != "Shared" ]]; then # Exclude 'Shared' user
echo "Deleting user profile for: $user"
sudo sysadminctl -deleteUser "/Users/$user"
sudo rm -rf "/Users/$user"
fi
fi
done

mickgrant · ‎12-13-2023

Here is the script that I have used

#!/bin/bash

######################### WARNING - THIS SCRIPT IS DISTRUCTIVE ##########################
# This script deletes all users not currently logged in, or the Jamf Management account.#
# 
# 													    #
#########################################################################################

#Discover the logged in user, so we dont accidentally delete them
loggedInUser=$( ls -l /dev/console | awk '{print $3}')
#print logged in user
echo "$loggedInUser is currently logged in"

#Find Users, excluding selected Admin user, and System and Service Accounts
users=$( dscl . ls /Users | grep -v '_' | grep -v 'root' | grep -v 'daemon'| grep -v 'nobody'| grep -v 'AdminAcount'| grep -v $loggedInUser )

echo "Removing User Accounts"

for a in $users; do
#delete user
	/usr/bin/dscl . delete /Users/$a > /dev/null 2>&1
	echo "$a's user account has been removed"
#Delete User Home Folder
	/bin/rm -rf /Users/"$a"
	echo "$a's user home folder has been removed"
continue
done

echo "User accounts Removed Sucessfully"
exit 0

View solution in original post

McAwesome · ‎12-13-2023

You can try using the Jamf binary to delete the accounts instead. Something like

JAMF=$( which jamf )

$JAMF deleteAccount -username "$user" -deleteHomeDirectory

should do it.

SCCM · ‎12-13-2023

Are the folders being removed, and are you doing a inventory update after they are?
Try adding the line "sudo jamf Recon" after the fi's:

fi
fi

sudo jamf Recon

done

If its just a inventory issue it might do it

tdenton · ‎12-14-2023

@SCCM I have done it outside the script but will give it a try I though it was also a recon issue.

mickgrant · ‎12-13-2023

Here is the script that I have used

#!/bin/bash

######################### WARNING - THIS SCRIPT IS DISTRUCTIVE ##########################
# This script deletes all users not currently logged in, or the Jamf Management account.#
# 
# 													    #
#########################################################################################

#Discover the logged in user, so we dont accidentally delete them
loggedInUser=$( ls -l /dev/console | awk '{print $3}')
#print logged in user
echo "$loggedInUser is currently logged in"

#Find Users, excluding selected Admin user, and System and Service Accounts
users=$( dscl . ls /Users | grep -v '_' | grep -v 'root' | grep -v 'daemon'| grep -v 'nobody'| grep -v 'AdminAcount'| grep -v $loggedInUser )

echo "Removing User Accounts"

for a in $users; do
#delete user
	/usr/bin/dscl . delete /Users/$a > /dev/null 2>&1
	echo "$a's user account has been removed"
#Delete User Home Folder
	/bin/rm -rf /Users/"$a"
	echo "$a's user home folder has been removed"
continue
done

echo "User accounts Removed Sucessfully"
exit 0

tdenton · ‎12-14-2023

@mickgrant thats really helpful one question how do exclude other admin accounts would it be this

grep -v 'name of account goes here'|

Have you found this clear down the local user section in the device record?

tdenton · ‎12-14-2023

@mickgrant I think I have something working thanks again 😀

mickgrant · ‎12-14-2023

Yes that's exactly how to do it.

cwaldrip · ‎01-30-2024

Is anyone aware of any reasons that an account can't always be deleted?

I have a shell script that tries to delete an account once the account is at least x minutes old. I've tried to delete the account with sysadminctl -deleteUser and jamf -deleteAccount. Sometimes it works, sometimes it doesn't.

I've also tried Delete Account under the local accounts section in a policy instead of running my script from the policy. Same iffy results. And the same iffy results if I run the script through a launchdaemon on the machine.

The error from Delete Account or jamf -deleteAccount isn't very helpful (even with -verbose).

Executing Policy EUC Admin Removal
Attempting to delete user eucadmin…
Unable to delete user eucadmin

...that's it. 😕

BUT! If I run my script directly (with sudo) on the machine it seems to work all the time.

I thought it might be a background process running under the account to be deleted holding it up, but same results after a restart. Sometimes it works, sometimes it doesn't.

McAwesome · ‎01-30-2024

If memory serves, there must always be an admin account with a Secure Auth Token on the machine if you are deleting another account. Would your script above be clearing out the last admin account present on the machine?

cwaldrip · ‎01-30-2024

Good thought… I know the jamf management account doesn’t get a secure token by default, and I checked the other admin account on the machine, and it doesn’t have a secure token either.

I think this may be the issue.

________________________________

This message may contain confidential information and is intended for specific recipients unless explicitly noted otherwise. If you have reason to believe you are not an intended recipient of this message, please delete it and notify the sender. This message may not represent the opinion of Intercontinental Exchange, Inc. (ICE), its subsidiaries or affiliates, and does not constitute a contract or guarantee. Unencrypted electronic mail is not secure and the recipient of this message is expected to provide safeguards from viruses and pursue alternate means of communication where privacy or a binding message is desired.

Jamf Nation Community

deleting accounts Jamf connect