Skip to main content
Question

Login script for our DEP-created local admin

  • August 9, 2017
  • 3 replies
  • 8 views
A
Forum|alt.badge.img+5

We've been using the DEP to deploy our computers recently, and it seems to be working fine.

There's a few small changes I'd like to make to the local admin account that gets created on enrolment. I had hoped that the scripts that change the default user template would apply to this user also, but it does not appear to be the case. Not entirely sure why, these scripts are run on enrolment and definitely touch the user template, because subsequent users get these plist changes, but not the ladmin.

Anyway, it's just a few defaults write commands that I want to apply to ladmin on login, only for those computers that were enrolled via the prestage process.

Any suggestions on how to accomplish this? I tried creating a smart group, but for some reason it picks up all 500+ computers that have the ladmin account. When I take that out and just check for computers enrolled via the prestage process, that correctly reports the ~30 computers that have been enrolled that way.

    3 replies

    F
    Forum|alt.badge.img+8
    • ftiff
    • Contributor
    • August 9, 2017

    Hi,

    Can you give us background information on why do you want to do this and the big picture?

    Not sure I understand what you’re trying to accomplish, but the first user created using DEP (501) won’t get the user template changes. It’s One of the first things that is done on the computer, much before all other actions. As for the management account, I’m not sure when it is created, but I’m pretty sure it’s before the enrollment policies, so it’s also too early.

    Perhaps the easiest thing to do here would be to push a Configuration Profile with a Custom payload. It will be one of the first things Pushed to the computer, with the added benefit of being enforced.

    A
    Forum|alt.badge.img+5
    • amyh
    • Author
    • Contributor
    • August 10, 2017

    I want our local admin account to have a few things changed from the standard Apple setup. Easiest example is that I want the clock in the menu bar to display the seconds - quickest way to see if a computer has crashed.

    I don't want anything enforced. That's part of the reason we alter the default template, rather than using config profiles everywhere.

    J
    Forum|alt.badge.img+14
    • jared_f
    • Valued Contributor
    • August 10, 2017

    @a.holley You could create custom setting payload profiles and push them out. I don't think it would be easy to edit the admin user because it is created on the system at setup and is local.

    Terms & ConditionsCookie settingsAccessibility statement