Admin User Creation (macOS)

  • Ready in: 10
  • Server downtime: None
  • Complexity: Advanced
  • Platform: macOS
  • License Type: Any License
  • By: Benjamin Miles
Admin User Creation (macOS)

Description

Script for remotely adding administrators on macOS machines. This Fileset also requires the computer to reboot after the user is created.

Please Note: When the script runs and the user will always show as a standard until the computer is rebooted.

 

 

Ingredients

  • Admin
  • Attached Fileset

Directions

-

You must have an account to view the full content of this page.

-

Comments (7)

  • ben.thomasian

    ben.thomasian

    23 August 2016 at 22:29 |
    If the local admin is already on the machine, what happens if this runs again? Will it just ignore it or cause issues?

    reply

  • ben.thomasian

    ben.thomasian

    23 August 2016 at 22:43 |
    Also, this line doesn't work as it does create the user in MacOS 10.11.16 but doesn't make them a "local admin" user account

    #1 is make into admin, 0 is make as standard user
    islocaladmin=1

    reply

  • Gregg Burcham

    Gregg Burcham

    04 May 2017 at 23:35 |
    Ben,
    Does this still work on 10.12.4?

    reply

    • Mauricio Puente-Cadena

      Mauricio Puente-Cadena

      05 May 2017 at 14:08 |
      Hello Gregg,
      I just verified that this script stills works correctly on OS 10.12.4

      reply

      • Gregg Burcham

        Gregg Burcham

        05 May 2017 at 17:41 |
        Thanks!

        reply

  • Steven Lee

    Steven Lee

    16 May 2017 at 14:59 |
    Worked great! Would like a script to change this local admin password as needed. Sometimes it does have to be given out and can be changed when "emergency" is over.

    reply

    • Bao Tran

      Bao Tran

      16 May 2017 at 16:52 |
      These lines below from the above script let you change the password for an account. Replace the $username and $password variables with actual values. Presumably you'd create one fileset to change the password to a temporary one and have a 2nd one to change it back. But before you do that you might want to consider other options.

      #setting the users password
      dscl . -passwd /Users/$username $password

      Wouldn't it be more secure for you to use the above script to create a unique 2ndary admin account that you delete later? Once you give someone the default local admin account name they have 50% of what they need to gain admin access to any Mac on your network, assuming that you're using the same local admin username on all your machines.

      reply

Leave a comment

Please login to leave a comment.