Hide local macOS admin users

Description

Use a FileWave Fileset script to hide local macOS admin accounts from the login window while keeping the Other option available for manual username/password sign-in.

Ingredients

  • FileWave Central
  • A plain-text editor for reviewing the script before deployment

Directions

  1. Make an empty Fileset with a script that runs at activation.
  2. Use this example script to hide eligible local admin accounts at login and show the "Other..." option so authorized admins can still sign in with a username and password. This example uses Apple's loginwindow Hide500Users preference, so test it with the way your local admin accounts are created before broad deployment.
    #!/bin/sh
    # This script is a Postflight sample
    # benm @ fw
    # Hide local admin accounts at the login window and keep the "Other..." option
    echo "hiding local admins at the login window"
    # Hide eligible accounts from the login window user list
    sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
    # Enable the "Other..." option at the login window
    sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool TRUE
    
  3. To show those accounts at the login window again, deploy:
    sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool NO
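
To check which admin accounts the setting will actually affect before broad deployment, the following added example (not part of the original FileWave recipe) reads back both preferences and lists each member of the local admin group with its UID, marked as hidden or visible. It assumes Hide500Users hides only accounts with a UID below 500; the function names and the sample accounts `fwadmin` and `jsmith` are hypothetical.

```shell
#!/bin/sh
# Added example: preview which local admins Hide500Users would hide.
# Assumption: the preference only hides accounts whose UID is below 500.

# Read "name uid" pairs on stdin; print "name uid HIDDEN|VISIBLE".
classify_accounts() {
    while read -r name uid; do
        case "$uid" in
            ''|*[!0-9]*) continue ;;   # skip missing or non-numeric UIDs
        esac
        if [ "$uid" -lt 500 ]; then
            echo "$name $uid HIDDEN"
        else
            echo "$name $uid VISIBLE"
        fi
    done
}

# Count the accounts on stdin that would still appear in the user list.
count_visible() {
    classify_accounts | grep -c ' VISIBLE$' || true
}

# macOS only: print "name uid" for every member of the local admin group.
local_admins() {
    for name in $(dscl . -read /Groups/admin GroupMembership | cut -d: -f2); do
        uid=$(dscl . -read "/Users/$name" UniqueID 2>/dev/null | awk '{print $2}')
        echo "$name $uid"
    done
}

if command -v dscl >/dev/null 2>&1; then
    prefs=/Library/Preferences/com.apple.loginwindow
    for key in Hide500Users SHOWOTHERUSERS_MANAGED; do
        echo "$key: $(defaults read "$prefs" "$key" 2>/dev/null || echo unset)"
    done
    local_admins | classify_accounts
else
    # Constructed sample accounts so the logic can be exercised off a Mac.
    printf 'fwadmin 499\njsmith 501\n' | classify_accounts
fi
```

Under that assumption, any admin account reported as VISIBLE would still be listed at the login window after the Fileset activates.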