Deleting Casper Created Account?

easyedc
Valued Contributor II

Doing some testing for a task that I have been assigned and I created an account through a policy. The account created without issue, but I couldn't deleted it through the Users preference pane in Sys Prefs. Is this a known thing or a bug? I could only delete it via Casper Remote. Doing some googlin' and couldn't find any other posts talking about it.

Thanks

1 ACCEPTED SOLUTION

easyedc
Valued Contributor II

So it appears that this was an Apple thing. the Issue was that the local account was the only non-hidden, local account on the workstation. Every other account was either an AD mobile account or hidden service account. If I created another local account I could go back and delete this one.

Casper Remote could delete the account since it performs the deletion with

sudo /usr/bin/dscl . -delete "/Users/XXXX"

and I could also delete via terminal with the same command. Apple confirmed that the GUI will not allow you to remove a local admin user if it is the only local admin user. It makes sense that this is the case, but from memory, this seems different that what you could do in the past.

View solution in original post

4 REPLIES 4

Asnyder
Contributor III

Did it show up in the user preference pane at all? My guess is that it's a hidden account and the UID of the user account you tried to delete it with was an over 500 user.

easyedc
Valued Contributor II

Nope. It's a visible account. Both old and new accounts are 500+.

mm2270
Legendary Contributor III

Was there an error displayed when you tried to delete it? Or did it look like it was going to work, but the account just remains after it finishes?
Is there anything else you can post about the account that might help us figure out what's going on? I can't see how an account created by a Jamf policy would be non deletable under a regular admin account.

easyedc
Valued Contributor II

So it appears that this was an Apple thing. the Issue was that the local account was the only non-hidden, local account on the workstation. Every other account was either an AD mobile account or hidden service account. If I created another local account I could go back and delete this one.

Casper Remote could delete the account since it performs the deletion with

sudo /usr/bin/dscl . -delete "/Users/XXXX"

and I could also delete via terminal with the same command. Apple confirmed that the GUI will not allow you to remove a local admin user if it is the only local admin user. It makes sense that this is the case, but from memory, this seems different that what you could do in the past.