
Posted on 08-07-2012 06:43 AM
Hey all,
I'm trying to find a way to do some clean up either once a week or once a month with our AD networked users.
When logging in to a machine it creates a local user folder (but not a system user) from AD and I was wondering if there is an easy way to delete these user folders from time to time to reduce clutter. Any ideas?
Gabe Shackney
Instructional Technology Specialist
Princeton Public Schools

Posted on 06-12-2013 12:12 PM
I run this script nightly to remove user directories on desktops, and on restart on laptops. Since there is a chance that a user is logging into the machine, I not only check at the beginning, but also throughout the loop just in case.
```bash
#!/bin/bash
# Loop through users with homes in /Users; exclude any accounts you don't want removed (i.e. local admin and current user if policy runs while someone is logged in)
for username in $(ls /Users | grep -v localadmin | grep -v anotherlocaladmin | grep -v Shared)
do
    # Re-check the console owner on every pass in case someone logs in mid-run
    if [[ "$username" == "$(ls -l /dev/console | awk '{print $3}')" ]]; then
        echo "Skipping user: $username (current user)"
    else
        echo "Removing user: $username"
        # Optional, removes the account
        dscl . delete "/Users/$username"
        # Removes the user directory
        rm -rf "/Users/$username"
    fi
done
```
Posted on 08-07-2012 06:52 AM
With Snow Leopard, you can use MCX for this. This is broken in Lion (I have a ticket in with Apple). They suggested I script it. If you search the boards, someone else posted a script for this here. Let me know if you can't find it.

Posted on 08-07-2012 07:13 AM
I delete the home folders at logout to prevent clutter. So, when a user logs in it creates a mobile account for them, but at logout it deletes their home folder in /Users. Here is the script I use:
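```sh
#!/bin/sh -f
# $1 is the user name. Skip localadmin and root, and do nothing when $1 is
# empty so the path can never collapse to /Users itself.
if [ -n "$1" ] && [ "$1" != "localadmin" ] && [ "$1" != "root" ]
then
    rm -r "/Users/$1"
fi
```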
I run it at logout through the JSS, but I'm not sure how to do it automatically every so often. I'm really sorry if this was no help :-)

Posted on 08-07-2012 08:25 AM
You should be able to create a cron job that will run the script.
Posted on 08-07-2012 10:20 AM
We do something similar (but also deleting mobile accounts and several other things) via script/policy once per day. It sounds like all you need is something like this that runs regularly (i.e. once per day or week):
```sh
#!/bin/sh
# Remove every home folder in /Users except the names filtered out by grep -v
for home in $(ls /Users | grep -v localadmin | grep -v Shared)
do
    rm -rf "/Users/$home"
done
```

Posted on 08-07-2012 02:08 PM
jagress, this script is just grabbing the AD-created users and not the system users, correct?
Princeton Public Schools
Posted on 08-08-2012 05:13 AM
Not necessarily. It's all home folders in /Users except those specified by "grep -v name". I'm not sure what you mean by system users, but it sounds like you mean your local admin accounts; all you need to do is change "localadmin" in the example to the name of your admin account. If you have multiple accounts whose home folders you don't want deleted, then add those in with a pipe and another "grep -v name" - for example: grep -v account1 | grep -v account2 | grep -v account3. This may not be a perfect way to do this, but it does work.
Posted on 08-08-2012 05:13 AM
Not necessarily. It's all home folders in /Users except those specified by "grep -v name". I'm not sure what you mean by system users, but it sounds like you mean your local admin accounts; all you need to do is change "localadmin" in the example to the name of your admin account. If you have multiple accounts whose home folders you don't want deleted, then add those in with a pipe and another "grep -v name" - for example: grep -v account1 | grep -v account2 | grep -v account3. This may not be a perfect way to do this since you do have to explicitly define the accounts you don't want touched, but it does work and happens to be the way I like doing it in my environment.
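
The exclusion step discussed in the reply above, as an added example that is not part of the original thread: it matches the keep list by exact folder name (a `grep -v localadmin` filter also skips `localadmin2`), copes with names containing spaces, and ignores symlinks. The function names and sample folder names are assumptions, and it handles folders only, not the `dscl` account records.

```shell
#!/bin/sh
# Added example: pick home folders by exact name, then delete (or dry-run).

# removable_homes USERS_DIR CONSOLE_USER KEEP...
# Prints one removable folder name per line.
removable_homes() {
    users_dir=$1; console_user=$2; shift 2
    for dir in "$users_dir"/*; do
        # Real directories only: skips files, symlinks and an unmatched glob
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        name=${dir##*/}
        [ "$name" = "$console_user" ] && continue    # logged-in user
        skip=0
        for keep in "$@"; do                         # exact match, not substring
            [ "$name" = "$keep" ] && skip=1 && break
        done
        [ "$skip" -eq 1 ] || printf '%s\n' "$name"
    done
    return 0
}

# purge_homes DRY_RUN USERS_DIR CONSOLE_USER KEEP...
purge_homes() {
    dry_run=$1; shift
    removable_homes "$@" | while IFS= read -r name; do
        [ -n "$name" ] || continue    # an empty name must never reach rm
        if [ "$dry_run" = 1 ]; then
            echo "would remove: $1/$name"
        else
            rm -rf -- "$1/$name"
        fi
    done
}

# Constructed sample tree standing in for /Users (all names are made up)
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/jsmith" "$t/localadmin" "$t/localadmin2" "$t/Shared" \
          "$t/mary ann" "$t/student1"
    ln -s "$t/Shared" "$t/link"
    printf '%s\n' "$t"
}

demo=$(make_demo_tree)
# Console user jsmith; keep localadmin and Shared. Dry run deletes nothing.
purge_homes 1 "$demo" jsmith localadmin Shared
rm -rf -- "$demo"
```

On a Mac the console user argument would come from the `ls -l /dev/console | awk '{print $3}'` check used elsewhere in this thread.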
Posted on 01-07-2013 07:41 PM
Hi, I am using the above script with Casper, but getting an exit code: 126 error. Any suggestions? The script is as below:
```sh
#!/bin/sh
# Remove every home folder in /Users except the names filtered out by grep -v
for home in $(ls /Users | grep -v localadmin | grep -v Shared)
do
    rm -rf "/Users/$home"
done
```

Posted on 06-12-2013 11:06 AM
So this script is working fine for me at this point, however I wanted to put in a command to not delete a user if he is currently logged in. Is this as easy as putting in a grep -v $3?
Gabe Shackney
Princeton Public Schools

Posted on 06-12-2013 02:19 PM
This looks like what I want! Thanks MsBlake. I'm just going to edit the grep to add a few extra account names we would like saved. Otherwise this looks perfect.
Gabe Shackney
Princeton Public Schools
Posted on 06-13-2013 09:28 AM
I agree with CasperSally. This was working nicely with MCX in 10.6 but broke in 10.7 +.
I've been using this script with success:
```bash
#!/bin/bash
# This script works well for removing local accounts that are older than 1 day.
# Obviously the 1 day time frame can be modified (-mtime +1).
# Credit to http://groups.google.com/group/macenterprise/browse_thread/thread/e6ca6a75ef1bf40e/2e19da23e6cb2b27?lnk=gst&q=delete+accounts#2e19da23e6cb2b27
# Runs using Launch Daemon - /Library/LaunchDaemons/edu.org.deleteaccounts.plist
# version .7
DATE=$(date "+%Y-%m-%d %H:%M:%S")
# Don't delete local accounts
keep1="/Users/admin_account_1"
keep2="/Users/admin_account_2"
keep3="/Users/Shared"
# The owner of /dev/console is the user logged in at the console
currentuser=$(ls -l /dev/console | awk '{print $3}')
keep4="/Users/$currentuser"
# Top-level folders in /Users not modified within the -mtime window
USERLIST=$(/usr/bin/find /Users -type d -maxdepth 1 -mindepth 1 -mtime +1)
for a in $USERLIST ; do
    [[ "$a" == "$keep1" ]] && continue #skip admin_account_1
    [[ "$a" == "$keep2" ]] && continue #skip admin_account_2
    [[ "$a" == "$keep3" ]] && continue #skip shared
    [[ "$a" == "$keep4" ]] && continue #skip current user
    # Log results
    echo "${DATE} - Deleting account and home directory for $a" >> "/Library/Logs/deleted user accounts.log"
    # Delete the account (the record path /Users/<name> has the same form as the home path)
    /usr/bin/dscl . -delete "$a"
    # Delete the home directory
    /bin/rm -rf "$a"
done
exit 0
```

Posted on 06-13-2013 12:42 PM
Perfect timing for this post. I need to do some summer maintenance on our 10.8 AD bound computers as well. I'd like to delete all the AD student accounts and folders, however I have to be careful not to delete our AD "admin" users' accounts.
It looks like Scott has a good solution for this but I'm not sure how to incorporate just AD admin users. The script seems to require a specific user to exclude. Also we make our AD admin users local admin as well so when they take the computers home they're still admin. So how does that come into play? Don't I technically have an AD admin user and local admin user by the same name?
Thanks for any help,
Chuck

Posted on 06-13-2013 03:09 PM
@FastGM3: This should also skip the users in the group stored in the adminGrp variable at the top.
Untested
```bash
#!/bin/bash
adminGrp="admin"
# Loop through users with homes in /Users; exclude any accounts you don't want removed (i.e. local admins, admin group, and the current user if policy runs while someone is logged in)
for username in $(ls /Users | grep -v localadmin | grep -v anotherlocaladmin | grep -v Shared)
do
    # dseditgroup answers with "yes ..." or "no ..."; compare the first word
    if [[ "$(dseditgroup -o checkmember -m "$username" "$adminGrp" | awk '{print $1}')" == "yes" ]]; then
        echo "Skipping user: $username (admin)"
    elif [[ "$username" == "$(ls -l /dev/console | awk '{print $3}')" ]]; then
        echo "Skipping user: $username (current user)"
    else
        echo "Removing user: $username"
        # Optional, removes the account
        dscl . delete "/Users/$username"
        # Removes the user directory
        rm -rf "/Users/$username"
    fi
done
```
Posted on 08-07-2018 12:14 PM
How would I be able to run one of the given scripts at a specific time through jamf?
