login to Mac after computer imaged with Casper

tcandela
Valued Contributor II

Strange question or not, not sure if this is but I'm asking.

after imaging a computer, how are you admins getting user accounts setup on your imacs/macbook pros etc.. for users to then login?

i'm assuming if the imaged mac is joined to an active directory domain, then the user can login with there active directory username/password.

if these macs are not joined to a domain do I have to create user account(s) somewhere in the imaging process configuration?

1 ACCEPTED SOLUTION

jhalvorson
Valued Contributor

If it is not bound, then you have to create a local user account for each person or User name that you want to allow to log on. You can create the local (non-AD) accounts:
A) by way of a package using createuserpkg B) JAMF policy that has a script to create the user(s)
C) Within Casper Imaging, click on Custom, and use the Accounts tab to create a local account.
You would need to make an account for each person on each device or for every user on every Mac. Creating a package or a script for every possible user might drive you mad.

Prior to AD, we had the techs that Image the Mac, create a user account based on the work order for each Mac that came in. They picked a standard naming process and set the password. That also meant they had to tell the end user what the password was set to so they could log in.

Will the Macs be setup for individual or multiple users?

View solution in original post

14 REPLIES 14

jhalvorson
Valued Contributor

To create an admin account to be used by you or your support staff, you can create a local account using "CreateUserPkg" http://magervalp.github.io/CreateUserPkg/ or more info here https://github.com/MagerValp/CreateUserPkg

bentoms
Release Candidate Programs Tester

@tcandela, correct about AD accounts or any directory accounts.

Further to what @jhalvorson suggested, you can also create accounts via a policy from the JSS.

tcandela
Valued Contributor II

yep I've seen the 'createuserpkg'.

based on 'Bentoms' comment, when computer is not joined to a directory, I would have to create an account policy that would create a standard user account that would be able to login?

my question is more related to standard user accounts. How do i get them created when computer is NOT directory joined ?
enroll the computer, and then via policy have the standard account(s) created?
how would I get multiple standard user accounts created on the mac?

mm2270
Legendary Contributor III

I'm a little confused about exactly what you want to do here.
From what I'm seeing:
a) the Macs are not joined to AD (or are but not using AD accounts)
b) you want 'something' that allows you to create a new user on the Mac, which will vary from Mac to Mac, after its done imaging

Is that right? Will the end users themselves be creating their own accounts, or is someone in IT doing this?

Just thinking out loud, there may be a way to do this with a first run script of sorts that pops up a dialog asking for user information (name/password, etc) and then creates the account using either dscl or the jamf binary's createAccount command.

jhalvorson
Valued Contributor

If it is not bound, then you have to create a local user account for each person or User name that you want to allow to log on. You can create the local (non-AD) accounts:
A) by way of a package using createuserpkg B) JAMF policy that has a script to create the user(s)
C) Within Casper Imaging, click on Custom, and use the Accounts tab to create a local account.
You would need to make an account for each person on each device or for every user on every Mac. Creating a package or a script for every possible user might drive you mad.

Prior to AD, we had the techs that Image the Mac, create a user account based on the work order for each Mac that came in. They picked a standard naming process and set the password. That also meant they had to tell the end user what the password was set to so they could log in.

Will the Macs be setup for individual or multiple users?

tcandela
Valued Contributor II

If the mac is AD joined via CASPER then I will have users login via there active directory credentials.

my question is, IF the mac is not joined to active directory, how do I create standard user accounts on each mac? each mac will have different users that will have to login, thus different username/passwords.

end users will not be creating their own accounts, I want this done through casper.

for example:

COMPUTER 1 is imaged; not joined to AD, two standard users need to login (john, bill), how would i get these two accounts created??

COMPUTER 2 is imaged; not joined to AD, two standard users need to login (mark, kevin), how would i get these two accounts created??

would I create a user account policy, and each time edit the username and password of each user, and have that policy run on the targeted mac ?

tcandela
Valued Contributor II

The Macs will be mixed, setup for both individual and multiple user macs.

so if possible it would be best to have the macs AD joined for ease of user login ?

mpermann
Valued Contributor II

You should be able to use @jhalvorson's letter C option from above when you are in Casper Imaging. That's how we do it anyway.

davidacland
Honored Contributor II

Assuming this is only a small number of Macs and AD wasn't an option, I would go for option C described by @jhalvorson.

You could do it with createuserpkg or the sysadminctl binary in 10.10 but these are probably just adding complication when the option is already there in Casper Imaging.

If it was at all a possibility I would go for using a directory service though!

tcandela
Valued Contributor II

so if I use use @jhalvorson's letter C option from above when in Casper Imaging I can create multiple user accounts at once ?

mpermann
Valued Contributor II

@tcandela, that is correct. Just the other day I created two users using the method @jhalvorson mentioned. One was an admin user and the other was a standard user. Give it a try on a test system and you'll see it works fine.

Simmo
Contributor II

https://derflounder.wordpress.com/2014/12/20/performing-password-resets-on-yosemite-with-unsetpassword/

If you are running 10.10 then this may come in useful to you when creating your local user accounts.

tcandela
Valued Contributor II

thanks everyone. I'll use this method = C) Within Casper Imaging, click on Custom, and use the Accounts tab to create a local account.

instead of creating user account policies to create standard user(s)

JPDyson
Valued Contributor

It sounds like you have your answer, but consider your workflow. Are you basically settings these up 1:1? If so, it makes some sense to go ahead and create the user in the Imaging app when you're imaging that particular computer. The same applies for group systems - you create the shared account at the time of imaging. If you don't happen to know who gets the computer at imaging time, you just log in as the admin/management account and create the user manually later.

I would encourage you to consider the AD option, in particular if your shop uses AD for Windows and other services. This gives your users a single account to manage, and means that you don't need to know the user at imaging time. Beyond that, you can also take advantage of single sign-on for any sites/services that can authenticate via Kerberos. Your technicians can be granted admin rights to all Macs via group membership as you bind the Mac, as well. It's a bit more work I guess, but it's nice for integration.