Posted on 05-16-2022 07:14 AM
Hi. We need to create a special "sharing only" account on some of our computers. Users should be able to share the screen using that account – but not to log in to that same local account (they are supposed to use their AD logins instead).
Creating a local account with a Jamf policy doesn't give me the option to create a "sharing only" account as in System Preferences. So how do I create one with Jamf?
05-16-2022 09:54 PM - edited 05-16-2022 09:59 PM
I am not exactly sure if you are using the terminology correctly given that you are trying to do something with AD mobile accounts; however, if what you really want to do is create "Sharing Only" macOS user accounts, you can do so with something like this:
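#!/bin/sh
# Creating local users requires root; id -u works in any POSIX sh.
if [ "$(/usr/bin/id -u)" -ne 0 ]
then
    >&2 echo 'error: this script must be executed by the root user.'; exit 1
fi
# Create the account with no home folder (UID and password are example values).
/usr/sbin/sysadminctl -addUser 'bob' -UID 505 -password 'password!' -home /dev/null
# Give the account no usable login shell.
/usr/bin/dscl . -create /Users/bob UserShell /usr/bin/false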
The purpose in this example of setting the UID is to put the account in the "visible" range of accounts so you can see the result in System Preferences during tests.
A Sharing Only user account is simply an account that has no home folder & no shell. If you want the account hidden you can set it to a UID below 500 or set it above 500 & see if these old chestnuts still apply (as needed):
/usr/bin/dscl . -create /Users/bob IsHidden 1
/usr/bin/defaults write com.apple.loginwindow Hide500Users -bool TRUE
/usr/bin/defaults write com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
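An added example, not code from this thread or from Jamf: a POSIX sh check that reads a `dscl . -read` style record and reports whether the account matches the definition above (home `/dev/null`, shell `/usr/bin/false`), so a policy can confirm the account cannot be used for local login. The function names and sample records are constructed for illustration, and treating a UID below 500 or `IsHidden 1` as hidden follows the post's suggestions.

```shell
#!/bin/sh
# Added example: audit a user record against the thread's "Sharing Only"
# definition (no home folder, no shell). Reads "Key: value" lines on stdin.
# On a Mac: /usr/bin/dscl . -read /Users/bob | classify_account

# attr KEY: print the value of KEY from the record on stdin (empty if absent).
# Assumption: native attributes may carry a "dsAttrTypeNative:" prefix.
attr() {
    awk -v key="$1:" '$1 == key || $1 == "dsAttrTypeNative:" key {
        sub(/^[ \t]*[^ \t]+[ \t]*/, ""); print; exit }'
}

# classify_account: prints one verdict; exit 0 = sharing only,
# 1 = account can still log in locally, 2 = record incomplete.
classify_account() {
    record=$(cat)
    home=$(printf '%s\n' "$record" | attr NFSHomeDirectory)
    shell=$(printf '%s\n' "$record" | attr UserShell)
    uid=$(printf '%s\n' "$record" | attr UniqueID)
    hidden=$(printf '%s\n' "$record" | attr IsHidden)

    # Refuse to guess when an attribute is missing or the UID is not numeric.
    case "$uid" in ''|*[!0-9]*) echo "incomplete-record"; return 2 ;; esac
    if [ -z "$home" ] || [ -z "$shell" ]; then
        echo "incomplete-record"; return 2
    fi

    # Values set by the script in the post above.
    if [ "$home" != "/dev/null" ] || [ "$shell" != "/usr/bin/false" ]; then
        echo "login-capable"; return 1
    fi

    # Assumption: hidden means a UID below 500 or IsHidden set to 1.
    if [ "$uid" -lt 500 ] || [ "$hidden" = "1" ]; then
        echo "sharing-only hidden"
    else
        echo "sharing-only visible"
    fi
}

# Constructed sample records (not real dscl captures).
SAMPLE_SHARING='NFSHomeDirectory: /dev/null
UniqueID: 505
UserShell: /usr/bin/false'
SAMPLE_LOGIN='NFSHomeDirectory: /Users/alice
UniqueID: 502
UserShell: /bin/zsh'

printf '%s\n' "$SAMPLE_SHARING" | classify_account
```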
Posted on 05-17-2022 05:02 AM
Thanks for your input, brockwalters.
Yes, the user I want to create is a local "Sharing Only" account, which has nothing to do with the AD. It does not have to be hidden.
I found this: https://www.hexnode.com/mobile-device-management/help/script-to-create-sharing-only-user-account-on-... before I tried your script – and it worked exactly as I wanted. But it seems to do pretty much the same thing as yours.