Remove Current User as Admin

wan
New Contributor II

Hi,

 

I want to remove the current login user as admin and I tried this command, and it seems not to be working.

 

#!/bin/bash

/usr/sbin/dseditgroup -o edit -d "$currentUser" -t user admin

 

Can anyone help me with this?

Thank you

1 ACCEPTED SOLUTION

MacJunior
Contributor III

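#!/bin/sh

# The owner of /dev/console is the user logged in at the GUI
loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')

# Remove that user from the local admin group (requires root)
/usr/sbin/dseditgroup -o edit -d "$loggedInUser" -t user admin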

 

Give it a shot


6 REPLIES

wan
New Contributor II

Unfortunately it does not work.

MacJunior
Contributor III

I tried it on a test machine and it works!! What does it say in the logs of that policy?

wan
New Contributor II

I recreated the script & policy and it works now. Thank you.

rabbitt
Contributor

It's also possible the admin user is the only administrator account on the machine that has a FileVault securetoken.  macOS restricts you from deleting that user even if there's some other mechanism to hand out securetokens to users like a valid bootstrap token being stored in the MDM server or Jamf Connect installed to make more user accounts.

You'd need to elevate another user temporarily to an admin account, delete the user, and then demote the temporary admin...

wan
New Contributor II

The Macs have another admin account, which is why I want to revoke the other one (the current login user).

 

I managed to find this command, but I can't whitelist the admin account by username, since different sets of Macs have different admin usernames.
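
A more defensive form of the script from the accepted solution, added here as an example (not code posted by anyone in the thread): it skips console owners that are not regular users, refuses to remove the last non-root administrator, and verifies the result, without needing to know any admin account's name. The function names and return codes are assumptions of this example, and it assumes it runs as root.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to run as root.

# Thin wrappers around the macOS tools so the logic below can be exercised with stubs.
console_user()  { /bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'; }
is_admin()      { /usr/sbin/dseditgroup -o checkmember -m "$1" admin >/dev/null 2>&1; }
admin_members() { /usr/bin/dscl . -read /Groups/admin GroupMembership | /usr/bin/cut -d: -f2; }
remove_admin()  { /usr/sbin/dseditgroup -o edit -d "$1" -t user admin; }

# Return codes (assumed for this example): 0 demoted, 1 nothing to do, 2 refused, 3 failed
demote_console_user() {
    user=$(console_user)

    # With no regular user at the console there is nobody to demote
    case "$user" in
        ""|root|loginwindow|_mbsetupuser)
            echo "no regular console user ('$user'); nothing to do"; return 1 ;;
    esac

    if ! is_admin "$user"; then
        echo "$user is not in the admin group; nothing to do"; return 1
    fi

    # Count direct admin group members other than root and the console user
    others=0
    for member in $(admin_members); do
        [ "$member" = root ] || [ "$member" = "$user" ] || others=$((others + 1))
    done
    if [ "$others" -eq 0 ]; then
        echo "refusing: $user is the only non-root admin" >&2; return 2
    fi

    remove_admin "$user" || return 3

    # Re-check membership instead of trusting the exit status alone
    if is_admin "$user"; then
        echo "removal of $user from admin did not take effect" >&2; return 3
    fi
    echo "removed $user from admin"
}

# Run only on macOS as root; elsewhere the file just defines the functions
if [ "$(uname -s)" = Darwin ] && [ "$(id -u)" -eq 0 ]; then
    demote_console_user
fi
```

The messages it prints end up in the policy log, which is where the thread suggests looking when the removal appears not to work.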