Posted on β03-22-2022 07:29 PM
I know this has been asked many times, but I can't seem to find a specific script I can use in a policy to demote a specific user from admin to standard. All our accounts are local accounts. We have been doing some auditing and see too many admin accounts out there and are targeting specific users on specific remote/off site Macs. I have seen scripts that target all users except "admin123" and demote everyone else but that admin account. I need to specifically target a user by account name. I am not a good at scripting, which I why I am asking for help. Appreciate any feedback or suggestions.
Thank You.
Solved! Go to Solution.
Posted on β03-22-2022 07:44 PM
You could try the following
Policy
Files and Process
Execute Command
dseditgroup -o edit -d nameoftheusertodemotegoeshere -t user -L admin
example
dseditgroup -o edit -d localadministrator -t user -L admin
Posted on β03-22-2022 07:44 PM
You could try the following
Policy
Files and Process
Execute Command
dseditgroup -o edit -d nameoftheusertodemotegoeshere -t user -L admin
example
dseditgroup -o edit -d localadministrator -t user -L admin
Posted on β03-23-2022 05:21 AM
Thank you! @atomczynski I need to learn scripting. I assume I should start with zsh instead of bash? Any thoughts on that?