Jamf Nation Community

Saljuhani · ‎07-20-2018

Hi Jamfers

i have an issue where a bulk of my users are local admins on their machines. We have another local admin account on the machines lets call it (ADMIN). I would like to make the user's accounts as standard but keep the (ADMIN) account as local admin.

What can i do in this situation? Does anyone have any scripts that might help me do this?

Thank You in advance

mm2270 · ‎07-20-2018

Have you already tried doing some searches here for similar topics? I have to believe there are several threads already that discuss this and may have example scripts being used to do it.

SincerelyJoshin · ‎07-20-2018

Hey Saud,

Look into the dseditgroup man page, that should point you in the right direction.

dmohs · ‎07-20-2018

Agreeing with SincerelyJoshin, dseditgroup should be your answer. Here is a sample line of code for demoting user "janedoe" from an administrator to a standard user. I found it yesterday while seeking the same information.

dseditgroup -o edit -d janedoe -t user -L admin

nvandam · ‎07-23-2018

This is what we use. We just removed admin rights from about 90 people with this script. It removes rights from anyone except those specified, here root, youradmin1, and youradmin 2 would be left as admins. You can add as many admins as you'd like to stay admin.

#!/bin/sh

adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)

for user in $adminUsers
do
    if [ "$user" != "root" ]  && [ "$user" != "youradmin1" ] && [ "$user" != "youradmin2" ]
    then 
        dseditgroup -o edit -d $user -t user admin
        if [ $? = 0 ]; then echo "Removed user $user from admin group"; fi
    else
        echo "Admin user $user left alone"
    fi
done

wawuku · ‎08-15-2019

I was able to accomplish this using this simple script, where John is the Username;

dscl . -delete /Groups/admin GroupMembership john

Hope this was helpful

Jamf Nation Community

Local Admin to Standard user