Local Admin to Standard user

Saljuhani
New Contributor

Hi Jamfers

i have an issue where a bulk of my users are local admins on their machines. We have another local admin account on the machines lets call it (ADMIN). I would like to make the user's accounts as standard but keep the (ADMIN) account as local admin.

What can i do in this situation? Does anyone have any scripts that might help me do this?

Thank You in advance

5 REPLIES 5

mm2270
Legendary Contributor III

Have you already tried doing some searches here for similar topics? I have to believe there are several threads already that discuss this and may have example scripts being used to do it.

SincerelyJoshin
New Contributor II

Hey Saud,

Look into the dseditgroup man page, that should point you in the right direction.

dmohs
Contributor

Agreeing with SincerelyJoshin, dseditgroup should be your answer. Here is a sample line of code for demoting user "janedoe" from an administrator to a standard user. I found it yesterday while seeking the same information.

dseditgroup -o edit -d janedoe -t user -L admin

nvandam
Contributor II

This is what we use. We just removed admin rights from about 90 people with this script. It removes rights from anyone except those specified, here root, youradmin1, and youradmin 2 would be left as admins. You can add as many admins as you'd like to stay admin.

#!/bin/sh

adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)

for user in $adminUsers
do
    if [ "$user" != "root" ]  && [ "$user" != "youradmin1" ] && [ "$user" != "youradmin2" ]
    then 
        dseditgroup -o edit -d $user -t user admin
        if [ $? = 0 ]; then echo "Removed user $user from admin group"; fi
    else
        echo "Admin user $user left alone"
    fi
done

wawuku
New Contributor

I was able to accomplish this using this simple script, where John is the Username;

dscl . -delete /Groups/admin GroupMembership john

Hope this was helpful