How to remove local account that was created by a Jamf Policy

kwoodard
Contributor III

When we all went home when Covid struck, I had a day or so to setup some local accounts for people to use if their usual logins failed. I created both a standard and an admin account. These were pushed out via Jamf and setup on all computers we have on our instance. Now that things are slowly returning to normal, I am wanting to remove these accounts from some computers that no longer need them. I have found that just removing them from the policy doesn't remove the account. Is there a way to do this? I assume I will need a script of some kind. If there is a way to do it through the GUI, that would be best...

4 REPLIES 4

sdagley
Honored Contributor III

@kwoodard The sysadminctl tool is the preferred way to remove an account these days. See https://osxbytes.wordpress.com/2017/03/15/how-to-remove-accounts-cleanly/ for a writeup on usage.  

If the account is named the same thing on all Macs you could just send the following command via a Policy using a Files and Processes payload:

/usr/sbin/sysadminctl -deleteUser AccountNameToDelete

AJPinto
Valued Contributor

The only comment I have is mass deletion can be dangerous. I would sent plenty of notification for people to move any files that they may have shoved in that profile. That being said, this is the way; nuke it with CLI.

mickgrant
Contributor II

You can use the Local Accounts payload in a policy.
It not only allows you to create accounts but also to delete them. You also have the option to delete the home folders permanently, all set up in a couple of clicks

I tried to do this and it worked on a handful of computers, but not all. What is weird is that all the computers are in the same lab, same specs, same load out…but not the same results. On most of them, the account appears to be deleted, but the user folder is still there.