Jamf Nation Community

DavidRaj · ‎09-28-2021

Hi folks,

This is my first post and pretty new to mac environment. I have solid experience on Windows.

I'm trying to create 3 profiles on fresh mac image i.e 1st profile should have standrand, 2nd moderate rights, 3rd profile should have full admin rights. I have tried many scripts from online , but none of them didn't give me any luck.

Please direct me to correct direction i.e sample scripts\references\good articles.

Your assistance in this matter would be greatly appreciated

Thank you

PaulHazelden · ‎09-29-2021

Jamf can create accounts for you. If you set it up to do so.

For a scripted version then dscl is the command you want

dscl . -create /Users/<USERNAME>
dscl . -create /Users/<USERNAME> UserShell /bin/bash
dscl . -create /Users/<USERNAME> RealName "<USERNAME>"
dscl . -create /Users/<USERNAME> UniqueID "501"
dscl . -create /Users/<USERNAME> PrimaryGroupID 20
dscl . -create /Users/<USERNAME> NFSHomeDirectory /Users/<USERNAME>
dscl . -passwd /Users/<USERNAME> "<PASSWORD>"

dscl . -append /Groups/admin GroupMembership <USERNAME>

The set above creates an Administrator account. Replace <USERNAME> with the short name of the account, and <PASSWORD> with the password of the account. The only other change you will need is the UniqueID number. Generally the first account you create on a Mac will be the principal admin account and it will be given 501 as an ID, after this they are given the next available ID going up in value. So remember to give each one a new ID number.

Macs only really have 2 kinds of accounts Administrators and Standard accounts. For a standard account you will need to change group membership and possibly the primary group ID. I cant remember the right ones, its been a while since I scripted a Standard account.

View solution in original post

PaulHazelden · ‎09-29-2021

Jamf can create accounts for you. If you set it up to do so.

For a scripted version then dscl is the command you want

dscl . -create /Users/<USERNAME>
dscl . -create /Users/<USERNAME> UserShell /bin/bash
dscl . -create /Users/<USERNAME> RealName "<USERNAME>"
dscl . -create /Users/<USERNAME> UniqueID "501"
dscl . -create /Users/<USERNAME> PrimaryGroupID 20
dscl . -create /Users/<USERNAME> NFSHomeDirectory /Users/<USERNAME>
dscl . -passwd /Users/<USERNAME> "<PASSWORD>"

dscl . -append /Groups/admin GroupMembership <USERNAME>

The set above creates an Administrator account. Replace <USERNAME> with the short name of the account, and <PASSWORD> with the password of the account. The only other change you will need is the UniqueID number. Generally the first account you create on a Mac will be the principal admin account and it will be given 501 as an ID, after this they are given the next available ID going up in value. So remember to give each one a new ID number.

Macs only really have 2 kinds of accounts Administrators and Standard accounts. For a standard account you will need to change group membership and possibly the primary group ID. I cant remember the right ones, its been a while since I scripted a Standard account.

View solution in original post

Andrew_Kuntz1 · ‎09-29-2021

Hey, have you looked inside the computer policies section? We user the "Local Accounts" tab to generate a standard and administrator account onto all machines when they enroll

User Creation Script