Hiding Management Account

macboy
Contributor

I have a local admin account on several machines that are also the management account on those machines as well. Is there a way after the fact that I can go back in and hide them? I can't seem to find a policy setting or script that will do that. We need to hide the current already created ones. I did create a quick add package that will create that user and hide it on any further machines but not sure if there is easy way to hide the already existing one. Hope that makes sense.

1 ACCEPTED SOLUTION

macboy
Contributor

Here it is...fairly simple and works for me. Not sure if it can tweaked any better. The first part looks to see if it exists then does what is appropriate based on if the directory exists or not.

This was done because new machines will be brought into our JSS with the account created from the QuickAdd package and hidden as well so it doesn't need to run the script. I am sure there is better way to tweak or write this script but my scripting ability is very limited and heck it works.

#!/bin/sh

# check if the <name of admin account> directory is present
if [ -d /Users/<name of admin account> ]; then
dscl . -create /Users/<name of admin account> UniqueID 401
chown -R <name of admin account> /Users/<name of admin account>
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
mv /Users/<name of admin account>/ /var/<name of admin account>/
dscl . -create /Users/<name of admin account> NFSHomeDirectory /var/<name of admin account>
else
exit
fi

View solution in original post

9 REPLIES 9

scottb
Honored Contributor

Why not install the QuickAdd.pkg on all of them and delete the other accounts? Then they're all the same.

macboy
Contributor

The accounts are all the same on all machines. It is the management account we created on each. I could delete them and recreate with the QuickAdd package but was hoping I could just hide them since I am not changing them. Perhaps a script or policy to hide them. I do not need to delete the existing account.

Not applicable

Have you followed any of Apple's steps?

http://support.apple.com/kb/HT5017?? - How to hide a user account in OS X

DJMat
New Contributor

This is still valid as of today and should be the accepted answer.

jhbush
Valued Contributor II

@macboy ```
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
``` is what will remove the user from the Accounts Preference Pane after you lower the UID. You can easily create users in JAMF or with http://magervalp.github.io/CreateUserPkg/

macboy
Contributor

Thanks to all for the input. I created a script that will do exactly what I need from information provided above.

bgreeno
New Contributor III

@macboy Would you mind sharing the script? Thanks for your help!

macboy
Contributor

Here it is...fairly simple and works for me. Not sure if it can tweaked any better. The first part looks to see if it exists then does what is appropriate based on if the directory exists or not.

This was done because new machines will be brought into our JSS with the account created from the QuickAdd package and hidden as well so it doesn't need to run the script. I am sure there is better way to tweak or write this script but my scripting ability is very limited and heck it works.

#!/bin/sh

# check if the <name of admin account> directory is present
if [ -d /Users/<name of admin account> ]; then
dscl . -create /Users/<name of admin account> UniqueID 401
chown -R <name of admin account> /Users/<name of admin account>
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
mv /Users/<name of admin account>/ /var/<name of admin account>/
dscl . -create /Users/<name of admin account> NFSHomeDirectory /var/<name of admin account>
else
exit
fi

bgreeno
New Contributor III

@macboy This works great! Thanks for sharing!