Posted on 12-13-2023 07:29 AM
I found the script below for deleting accounts, which works a treat.
However, I would expect that after an inventory update the Local User Accounts section in the device record would be cleared as well. But it is still showing the deleted accounts. Is there something I can add to the script, or do, to ensure this part of the device record gets reset?
#!/bin/bash
# Get a list of all user accounts (service accounts start with "_" and are skipped)
user_list=$(dscl . -list /Users | grep -v '^_')
# Specify the admin account(s) that you want to exclude; daemon and nobody are
# system accounts returned by dscl and must never be deleted either
excluded_users=("admin1" "admin2" "root" "daemon" "nobody" "management account")
# Loop through the user list and delete user profiles except admin accounts
for user in $user_list; do
    if [[ ! " ${excluded_users[@]} " =~ " ${user} " ]]; then
        if [[ "$user" != "Shared" ]]; then # Exclude 'Shared' user
            echo "Deleting user profile for: $user"
            # sysadminctl takes the account's short name, not the home directory path
            sudo sysadminctl -deleteUser "$user"
            sudo rm -rf "/Users/$user"
        fi
    fi
done
Posted on 12-13-2023 07:08 PM
Here is the script that I have used
#!/bin/bash
######################### WARNING - THIS SCRIPT IS DESTRUCTIVE ##########################
# This script deletes all users except the currently logged-in user, the Jamf          #
# management account, and the system and service accounts.                              #
#########################################################################################
# Discover the logged-in user, so we don't accidentally delete them
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
# Print the logged-in user
echo "$loggedInUser is currently logged in"
# Find users, excluding the selected admin user (replace 'AdminAcount' with the
# short name of your management account) and system and service accounts
users=$( dscl . ls /Users | grep -v '_' | grep -v 'root' | grep -v 'daemon' | grep -v 'nobody' | grep -v 'AdminAcount' | grep -v "$loggedInUser" )
echo "Removing User Accounts"
for a in $users; do
    # Delete the user record
    /usr/bin/dscl . delete "/Users/$a" > /dev/null 2>&1
    echo "$a's user account has been removed"
    # Delete the user's home folder
    /bin/rm -rf "/Users/$a"
    echo "$a's user home folder has been removed"
done
echo "User accounts removed successfully"
exit 0
Posted on 12-13-2023 08:32 AM
You can try using the Jamf binary to delete the accounts instead. Something like
JAMF=$( which jamf )
$JAMF deleteAccount -username "$user" -deleteHomeDirectory
should do it.
Posted on 12-13-2023 01:40 PM
Are the folders being removed, and are you doing an inventory update after they are?
Try adding the line "sudo jamf Recon" after the fi's:
fi
fi
sudo jamf Recon
done
If it's just an inventory issue, it might do it.
Posted on 12-14-2023 12:53 AM
@SCCM I have done it outside the script, but will give it a try. I thought it was also a recon issue.
Posted on 12-14-2023 12:52 AM
@mickgrant that's really helpful. One question: how do I exclude other admin accounts? Would it be this:
grep -v 'name of account goes here' |
Have you found this clears down the local user section in the device record?
Posted on 12-14-2023 04:54 AM
@mickgrant I think I have something working thanks again 😀
Posted on 12-14-2023 01:28 PM
Yes that's exactly how to do it.
Posted on 01-30-2024 12:30 PM
Is anyone aware of any reasons that an account can't always be deleted?
I have a shell script that tries to delete an account once the account is at least x minutes old. I've tried to delete the account with sysadminctl -deleteUser and jamf -deleteAccount. Sometimes it works, sometimes it doesn't.
I've also tried Delete Account under the local accounts section in a policy instead of running my script from the policy. Same iffy results. And the same iffy results if I run the script through a launchdaemon on the machine.
The error from Delete Account or jamf -deleteAccount isn't very helpful (even with -verbose).
...that's it. 😕
BUT! If I run my script directly (with sudo) on the machine it seems to work all the time.
I thought it might be a background process running under the account to be deleted holding it up, but same results after a restart. Sometimes it works, sometimes it doesn't.
Posted on 01-30-2024 12:32 PM
If memory serves, there must always be an admin account with a Secure Auth Token on the machine if you are deleting another account. Would your script above be clearing out the last admin account present on the machine?
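Pulling together the points raised in this thread (the exclusion lists in the two scripts above, running `jamf recon` once after the deletions, and the requirement in the previous reply that an admin with a Secure Token remains on the machine), here is an added example that is not code from this thread or from Jamf. It assumes macOS with the jamf binary installed and is run as root (from a policy or with sudo); the names in PROTECTED_USERS are placeholders to replace with the short names of your own management and admin accounts. The selection logic is separated from the destructive part so it can be checked with a constructed account list, and nothing is deleted unless `--really` is passed.

```shell
#!/bin/bash
# Added example (not from the thread or from Jamf): local account clean-up with
# exact-match exclusions, a console-user check, a Secure Token safety check,
# a dry-run default, and a single inventory update at the end.
# PROTECTED_USERS is an assumption: replace the last two names with your own
# management/admin account short names.
PROTECTED_USERS="root daemon nobody jamfmanagement localadmin"

# Exact-match test against PROTECTED_USERS. Unlike `grep -v 'root'`, this does
# not also hide an account whose name merely contains "root".
is_protected() {
    local candidate="$1" u
    for u in $PROTECTED_USERS; do
        [ "$u" = "$candidate" ] && return 0
    done
    return 1
}

# Reads a newline-separated list of short names on stdin (what
# `dscl . -list /Users` prints) and writes the deletion candidates:
# service accounts (leading "_"), protected accounts, and the console
# user given as $1 are dropped.
select_candidates() {
    local console_user="$1" name
    while IFS= read -r name; do
        [ -z "$name" ] && continue
        case "$name" in _*) continue ;; esac
        [ "$name" = "$console_user" ] && continue
        is_protected "$name" && continue
        printf '%s\n' "$name"
    done
}

# True when at least one protected account still holds a Secure Token.
# sysadminctl prints "Secure token is ENABLED for user ..." to stderr.
protected_admin_has_secure_token() {
    local u
    for u in $PROTECTED_USERS; do
        if sysadminctl -secureTokenStatus "$u" 2>&1 | grep -q 'ENABLED'; then
            return 0
        fi
    done
    return 1
}

# Live run (macOS only, as root). Without --really nothing is deleted.
run_cleanup() {
    local mode="${1:-dry-run}" console_user name
    console_user=$(stat -f '%Su' /dev/console)   # macOS stat syntax
    if ! protected_admin_has_secure_token; then
        echo "Refusing to delete accounts: no protected admin holds a Secure Token" >&2
        return 1
    fi
    dscl . -list /Users | select_candidates "$console_user" | while IFS= read -r name; do
        if [ "$mode" = "--really" ]; then
            # Removes the account record and its home folder (unless -keepHome is given)
            sysadminctl -deleteUser "$name"
        else
            echo "DRY RUN: would delete $name"
        fi
    done
    if [ "$mode" = "--really" ]; then
        jamf recon   # refresh the device record once, after all deletions
    fi
}

# Only act when explicitly asked, so the functions above can be sourced and checked.
case "${1:-}" in
    --dry-run|--really) run_cleanup "$1" ;;
esac
```

Run it first with `--dry-run` to see the list of accounts that would be removed, then with `--really` from the policy. The recon call sits after the loop rather than inside it, so inventory is updated once rather than once per deleted account.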
Posted on 01-30-2024 01:18 PM