Hide local macOS admin users
Description
Use a FileWave Fileset script to hide local macOS admin accounts from the login window while keeping the Other option available for manual username/password sign-in.
Ingredients
- FileWave Central
- A plain-text editor for reviewing the script before deployment
Directions
- Make an empty Fileset with a script that runs at activation.
- Use this example script to hide eligible local admin accounts at login and show the "Other..." option so authorized admins can still sign in with a username and password. This example uses Apple's loginwindow Hide500Users preference, so test it with the way your local admin accounts are created before broad deployment.
#!/bin/sh # This script is a Postflight sample # benm @ fw #hide the just made admin account and enable screen sharing echo "hiding local admins at the login window" #enable hidden admins sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES #enable "other..." option at login window sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool TRUE - To show those accounts at the login window again, deploy:
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool NO
No comments to display
No comments to display