Create "sharing only" account

Jost
New Contributor II

Hi. We need to create a special "sharing only" account on some of our computers. Users should be able to share the screen using that account – but not to log in to that same local account (they are supposed to use their AD logins instead).

Creating a local account with a Jamf policy doesn't give me the option to create a "sharing only" account as in System Preferences. So how do I create one with Jamf?

1 ACCEPTED SOLUTION

Jost
New Contributor II

Thanks for your input, brockwalters.

Yes, the user I want to create is a local "Sharing Only" account, which has nothing to do with the AD. It does not have to be hidden.

I found this: https://www.hexnode.com/mobile-device-management/help/script-to-create-sharing-only-user-account-on-... before I tried your script – and it worked exactly as I wanted. But it seems to do pretty much the same thing as yours.

 

 


2 REPLIES

brockwalters
Contributor II

I am not exactly sure if you are using the terminology correctly, given that you are trying to do something with AD mobile accounts. However, if what you really want to do is create "Sharing Only" macOS user accounts


you can do so with something like this:

 

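#!/bin/sh

# sysadminctl and dscl need root to create and modify local accounts.
if [ "$(/usr/bin/id -u)" -ne 0 ]
then
    >&2 /bin/echo 'error: this script must be executed by the root user.'; exit 1
fi

# Example values: replace 'bob', the UID and the password before deploying.
# No home folder (-home /dev/null) and no login shell (/usr/bin/false).
/usr/sbin/sysadminctl -addUser 'bob' -UID 505 -password 'password!' -home /dev/null
/usr/bin/dscl . -create /Users/bob UserShell /usr/bin/false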

 

The purpose in this example of setting the UID is to put the account in the "visible" range of accounts so you can see the result in System Preferences during tests.

A Sharing Only user account is simply an account that has no home folder & no shell. If you want the account hidden you can set it to a UID below 500 or set it above 500 & see if these old chestnuts still apply (as needed):

 

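/usr/bin/dscl . -create /Users/bob IsHidden 1
# Write to the system-wide login window domain, not root's per-user preferences.
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE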
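A way to audit the result after deployment, added here as an example and not code from either poster: it checks an account against the definition in the reply above (no home folder, no shell). The function name `check_sharing_only` is hypothetical, and it assumes the single-line `Key: value` output that `dscl . -read` gives for these three attributes.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an account has the
# "Sharing Only" shape created above: home /dev/null, shell /usr/bin/false.
# Input on stdin is the output of, for example:
#   /usr/bin/dscl . -read /Users/bob UserShell NFSHomeDirectory UniqueID
# Prints one line per finding; returns 0 only if the account passes.
check_sharing_only() {
    shell='' home='' uid=''
    while IFS= read -r line; do
        case "$line" in
            'UserShell: '*)        shell=${line#UserShell: } ;;
            'NFSHomeDirectory: '*) home=${line#NFSHomeDirectory: } ;;
            'UniqueID: '*)         uid=${line#UniqueID: } ;;
        esac
    done
    rc=0
    # Shell check: only the value used in the script above is accepted.
    case "$shell" in
        /usr/bin/false) ;;
        '') echo 'FAIL: UserShell attribute missing'; rc=1 ;;
        *)  echo "FAIL: login shell is $shell"; rc=1 ;;
    esac
    # Home check: a real home folder means this is a standard account.
    case "$home" in
        /dev/null) ;;
        *) echo "FAIL: home is ${home:-unset}, expected /dev/null"; rc=1 ;;
    esac
    # UID check: informational note for accounts in the hidden range.
    case "$uid" in
        ''|*[!0-9]*) echo 'FAIL: UniqueID missing or not numeric'; rc=1 ;;
        *) if [ "$uid" -lt 500 ]; then
               echo "NOTE: UID $uid is below 500 (hidden range)"
           fi ;;
    esac
    return "$rc"
}
```

In a Jamf policy the exit status can gate a follow-up step, for example recreating the account when the check fails.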

 

 

 
