Problem deleting local account


Hello folks.

I have a bit of a mystery here. When we first provision our student Macs, we set them up with a local account which is then deleted as various policies and stages kick in and they are joined to AD. However I noticed on a recent Macbook formatted to APFS, the temporary "mac" user persists even through the delete command issued by Jamf.

Logging in locally, I'm issuing the following command and getting the following error:

sudo dscl . delete /Users/mac
DS Error: -14120 (eDSPermissionError)

I can see a fix regarding some directory utility tweaks and fiddling, but was hoping if this is going to be prevalent that I could maybe script something instead. Has anybody else had similar issues?


Valued Contributor

What happens when you try this:

sudo jamf deleteAccount -username "mac" -deleteHomeDirectory


No errors when I run that command, but the account is still there. If I go into directory utility I can see it listed, and if I click to delete it from directory utility there are no errors also, but nothing changes. It's indestructible!

I formatted the drive again earlier and rebuilt the Mac with the same process, same outcome. The account is created as part of the prestage enrollment step, and later deleted with a "local account" policy through Jamf. This works a treat normally, but seemingly not on High Sierra with APFS.

New Contributor III

Did you find any solution/answer to what was going on? We have a policy that is supposed to remove a local account, but in about 30% of cases the policy runs, supposedly successfully, but the account persists. There are no errors from the policy.

Valued Contributor

Check out this post, there were some changes to secureToken starting in 10.14.2 that can prevent you from deleting a local account under certain scenarios:

New Contributor III

I'm having the same issue. Anybody figured out what the problem is/was?