Script to Allow users / groups that can log into a machine?

danny_hanes
Contributor

I know that I can manually create a configuration and enter the groups / users that can log into a machine, but how would I go about this via script?

I have a first run script that is getting all of the relevant AD information, including groups that can log into the machine, but I don't know how to turn around and apply it to the machine.

Thoughts?


thoule
Valued Contributor II

I imagine this could be done through AuthorizationDB or something. Sadly, I've no idea how. I suppose I'd take the easy way (at least in the short term) and write a LaunchAgent that would kill the 'loginwindow' process for any user that is not in some list... That wouldn't prevent an SSH connection, but can deal with that through the com.apple.access_ssh group.
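For the SSH half of the reply above, an added example (not code from either poster) that fills the `com.apple.access_ssh` group from a list of directory groups with `dseditgroup`. The group names in the usage comment are constructed, and the script assumes it runs as root on the Mac; it defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example: populate the SSH access group from a list of directory groups.
# Usage (as root): DRY_RUN=0 ./ssh_acl.sh "Mac Admins" helpdesk   (constructed names)
SSH_ACL_GROUP="com.apple.access_ssh"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

# Print the command in dry-run mode, otherwise execute it without eval.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only letters, digits, dot, underscore, space and hyphen, and never a
# leading hyphen, so a name cannot be parsed as a dseditgroup option.
valid_group_name() {
    rest=$(printf '%s' "$1" | tr -d 'A-Za-z0-9._ -')
    [ -n "$1" ] && [ -z "$rest" ] && [ "${1#-}" = "$1" ]
}

apply_ssh_acl() {
    rc=0
    # Create the access group only if it is missing. Once it exists, SSH logins
    # are limited to its members, so include an admin group in the list.
    dseditgroup -o read "$SSH_ACL_GROUP" >/dev/null 2>&1 ||
        run dseditgroup -o create -q "$SSH_ACL_GROUP"
    for g in "$@"; do
        if ! valid_group_name "$g"; then
            echo "skipped invalid group name: $g" >&2
            rc=1
            continue
        fi
        # Nest the directory group inside the SSH access group.
        run dseditgroup -o edit -a "$g" -t group "$SSH_ACL_GROUP"
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    apply_ssh_acl "$@"
fi
```

Run it once with the default dry run and review the printed commands before setting `DRY_RUN=0`.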