Script to find / delete local accounts with unique ID higher than 500

ooshnoo
Valued Contributor

Hi.

We're using DEP in an AD environment.
When setting up a Mac for the first time, the user is prompted to create a local account via the Setup Assistant.

We have Casper run a policy that binds the computer to AD and then restarts, allowing the user to log in with their domain credentials.

What we'd like to do is have Casper run a script that, once the user is logged into the Mac with an AD account, will search for and delete the local account that was created using the Setup Assistant on first boot.

Since people will no doubt create a local account with any name they want, I thought maybe we could run a DSCL command to find any local accounts with a Unique ID of "500-something" and then delete it.

I thought maybe I'd build off of @donmontalvo's instructions here, but I'm not a scripting whiz.
https://jamfnation.jamfsoftware.com/discussion.html?id=5437

Whatchoo think? Maybe there's another way?

2 REPLIES (accepted solution: mm2270)

mm2270
Legendary Contributor III

Not tested, so be super careful when testing this, but I think this will do what you want, which is to look for and delete any local accounts between UID 501 and 999.

#!/bin/bash
# Deletes every local account with a UID from 501 to 999 and its home folder.
# Needs root (dscl . delete). Skips the console user so the session running it survives.
consoleUser=$(stat -f%Su /dev/console)

while read -r userAccount; do
    [ "$userAccount" = "$consoleUser" ] && continue
    # sed rather than awk '{print $NF}' so a home path containing spaces survives intact
    userHome=$(dscl . read "/Users/$userAccount" NFSHomeDirectory | sed 's/^NFSHomeDirectory: //')
    dscl . delete "/Users/$userAccount"
    # only remove the home when it is an existing directory under /Users (never "", "/", "/Users")
    case "$userHome" in /Users/?*) [ -d "$userHome" ] && rm -rf "$userHome" ;; esac
done < <(dscl . list /Users UniqueID | awk '$2 > 500 && $2 < 1000 {print $1}')

Before having this run, you may want to first validate that another account exists on the Mac to log into, that the Mac was successfully joined to AD, and lastly, that the account the Mac is logged into isn't one of the ones it's going to delete. If those conditions aren't in place and this runs, it could cause some big problems for you.
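The three preconditions in the reply above (another account left to log into, the Mac actually bound to AD, and the console user not in the deletion set) are easy to state and easy to forget under a Jamf policy. The script below is an added example, not code from the original thread or from Jamf: it factors the UID-range selection and those checks into functions that operate on plain text, so the whole plan can be dry-run against a constructed account list before anything is deleted. Only delete_accounts() calls dscl and rm, and it refuses to act unless run as root with CONFIRM=1. Assumptions: SAMPLE_LIST is constructed data mimicking `dscl . list /Users UniqueID`; `dsconfigad -show` prints a line containing "Active Directory Domain" only on a bound Mac; `stat -f%Su /dev/console` names the console user on macOS. On a host without dscl the script only prints its plan on the constructed data.

```shell
#!/bin/bash
# Added example (not from the original post): preflight checks and a dry-run
# plan for removing Setup Assistant-created local accounts (UID 501-999).

# Constructed stand-in for `dscl . list /Users UniqueID` ("name uid" per line).
SAMPLE_LIST='root 0
_mbsetupuser 248
setupadmin 501
helpdesk 502
jdoe 1045273'

# Accounts to remove: UID 501-999, never the console (logged-in) user.
#   $1 = account list text, $2 = console user name
select_targets() {
    printf '%s\n' "$1" | awk -v console="$2" \
        '$2 > 500 && $2 < 1000 && $1 != console {print $1}'
}

# Login-capable accounts (UID >= 500) that survive the removal, so the
# "another account exists to log into" condition can be checked up front.
remaining_logins() {
    printf '%s\n' "$1" | awk -v console="$2" \
        '$2 >= 500 && !($2 > 500 && $2 < 1000 && $1 != console) {print $1}'
}

# A home folder is only removed when it looks like /Users/<name>; empty
# values, "/", "/Users", nested paths and ".." components are refused.
safe_home_path() {
    case "$1" in
        ""|*/..*|/Users/*/*) return 1 ;;
        /Users/?*)           return 0 ;;
        *)                   return 1 ;;
    esac
}

# True when the Mac is AD-bound. Assumption: dsconfigad -show mentions
# "Active Directory Domain" only when a binding exists.
ad_bound() {
    dsconfigad -show 2>/dev/null | grep -q 'Active Directory Domain'
}

# Destructive step: remove each account given as an argument plus its home.
delete_accounts() {
    if [ "${CONFIRM:-0}" != "1" ] || [ "$(id -u)" != "0" ]; then
        echo "dry run only (set CONFIRM=1 and run as root to delete)"
        return 0
    fi
    for u in "$@"; do
        # sed rather than awk '{print $NF}' so a home path with spaces survives
        home=$(dscl . read "/Users/$u" NFSHomeDirectory | sed 's/^NFSHomeDirectory: //')
        dscl . delete "/Users/$u"
        if safe_home_path "$home" && [ -d "$home" ]; then
            rm -rf "$home"
        else
            echo "not removing suspicious home path for $u: '$home'"
        fi
    done
}

main() {
    on_mac=0
    if command -v dscl >/dev/null 2>&1; then
        on_mac=1
        list=$(dscl . list /Users UniqueID)
        console=$(stat -f%Su /dev/console)
    else
        list=$SAMPLE_LIST; console=jdoe      # off-Mac: constructed data only
    fi
    targets=$(select_targets "$list" "$console")
    echo "console user: $console"
    echo "would delete: $(printf '%s' "$targets" | tr '\n' ' ')"
    if [ -z "$(remaining_logins "$list" "$console")" ]; then
        echo "refusing: no login-capable account would remain"; return 1
    fi
    if [ "$on_mac" != 1 ]; then
        echo "not a Mac: plan shown on constructed data only"; return 0
    fi
    if ! ad_bound; then
        echo "refusing: Mac is not bound to Active Directory"; return 1
    fi
    delete_accounts $targets
}

main
```

Run it once from a Jamf policy without CONFIRM to see the plan in the policy log, then add CONFIRM=1 to the script's environment once the output looks right. The UID range is the same one the reply uses; AD mobile accounts land well above 999, so they never appear in the target list.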

ooshnoo
Valued Contributor

Works perfectly! Thanks @mm2270 !!!!!