Help

Login script for our DEP-created local admin

a_holley
Contributor

Posted on ‎08-08-2017 08:16 PM

We've been using the DEP to deploy our computers recently, and it seems to be working fine.

There's a few small changes I'd like to make to the local admin account that gets created on enrolment. I had hoped that the scripts that change the default user template would apply to this user also, but it does not appear to be the case. Not entirely sure why, these scripts are run on enrolment and definitely touch the user template, because subsequent users get these plist changes, but not the ladmin.

Anyway, it's just a few defaults write commands that I want to apply to ladmin on login, only for those computers that were enrolled via the prestage process.

Any suggestions on how to accomplish this? I tried creating a smart group, but for some reason it picks up all 500+ computers that have the ladmin account. When I take that out and just check for computers enrolled via the prestage process, that correctly reports the ~30 computers that have been enrolled that way.

0 Kudos
Reply
3 REPLIES 3

ftiff
Contributor

Posted on ‎08-09-2017 04:20 AM

Hi,

Can you give us background information on why do you want to do this and the big picture?

Not sure I understand what you’re trying to accomplish, but the first user created using DEP (501) won’t get the user template changes. It’s One of the first things that is done on the computer, much before all other actions. As for the management account, I’m not sure when it is created, but I’m pretty sure it’s before the enrollment policies, so it’s also too early.

Perhaps the easiest thing to do here would be to push a Configuration Profile with a Custom payload. It will be one of the first things Pushed to the computer, with the added benefit of being enforced.

0 Kudos
Reply

a_holley
Contributor

Posted on ‎08-09-2017 05:08 PM

I want our local admin account to have a few things changed from the standard Apple setup. Easiest example is that I want the clock in the menu bar to display the seconds - quickest way to see if a computer has crashed.

I don't want anything enforced. That's part of the reason we alter the default template, rather than using config profiles everywhere.

0 Kudos
Reply

jared_f
Valued Contributor

Posted on ‎08-09-2017 07:24 PM

@a.holley You could create custom setting payload profiles and push them out. I don't think it would be easy to edit the admin user because it is created on the system at setup and is local.

0 Kudos
Reply