
How to Create Local User Accounts on macOS 10.15+


Provided is a scripted recipe to create a local user account on macOS devices associated with the below Fileset.  Options allow for creating:

  • Admin or standard accounts
  • Hidden or visible accounts

Other values may be specified.


Requirements are:

Customised values are set with the use of Environment Variables.  Settings within the downloaded recipe are:

Customisation includes:

  • username - unix shortname (no spaces)
  • realname - long display name
  • password - user's password
  • group_id - user's primary group id
  • shell_type - e.g. /bin/bash, /bin/zsh
  • islocaladmin - set user to be a local admin TRUE/FALSE
  • is_hidden - set user to be an invisible account TRUE/FALSE
  • id_choice - set to be a dedicated value [static_id] or find next available value [next_id]
  • unique_id - either the ID to use when id_choice is static_id or the beginning ID of a range of IDs to attempt when id_choice is set to next_id
  • end_id - for next_id, the end value of the range of IDs at which to stop testing; if reached, the script will exit 1
  • enable_secure_token - enable secure token for the new user TRUE/FALSE
  • admin_user - short name of a local administrator (only required if enable_secure_token is set as TRUE)
  • admin_password - password of admin_user (only required if enable_secure_token is set as TRUE)


This option states whether the ID to be used will be a single preset value or whether a range of values should be tried, in which case the first available value will be attempted.


When set as 'static_id', the value set in 'unique_id' will be used as the user's ID.  If this value is already in use, the script will exit with an error.


When set as 'next_id', a range of values will be tested starting at 'unique_id' and ending with 'end_id'.  The first available value found will be used. If none are found the script will exit with an error.


This is the short name of the user.  If the name already exists on the device, the script will exit with an error.


If set as TRUE, the new user will be added as an administrator of the device.


If set as TRUE, the new user will be hidden.


If set as TRUE, the new user will be enabled as a secure token user.  This option requires the following values to also be set: admin_user and admin_password.


All other values should be edited as desired.


To create a user:

  • Download the above Fileset and import into FileWave
  • Edit the Environment Variables as required
  • Associate and Update Model to test devices
  • Once tested associate to greater quantity or all devices.


Consider a device that already has 3 local accounts, with user IDs 501, 502, 503.  Settings could then be either:

  • Variable: id_choice
  • Value: static_id
  • Variable: unique_id
  • Value: 504

or may look something like:

  • Variable: id_choice
  • Value: next_id
  • Variable: unique_id
  • Value: 501
  • Variable: end_id
  • Value: 600

In the first instance, ID 504 will be attempted.  This is useful if all devices are the same and it is considered desirable that all users of this name have the same ID on each device.

In the second instance, 501 will be attempted, then 502 and 503, until finally 504 is reached, found to be free, and attempted.  This option is particularly useful for devices where an unknown quantity of user accounts may exist on each device and the user's ID is not considered important.

Considering this example with all other settings as default, the following account should be created:

NFSHomeDirectory: /Users/fwadmin
PrimaryGroupID: 20
RealName:
 FileWave Admin
RecordName: fwadmin
UniqueID: 504
UserShell: /bin/zsh

Additionally, the user will be a local admin, but the account will not be set as hidden.
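
The ID selection described for id_choice, unique_id and end_id can be sketched as follows. This is an added example, not the code of the FileWave recipe: the function names are hypothetical, end_id is assumed to be inclusive, and the list of IDs in use is passed in as an argument so the logic can be checked away from a Mac.

```shell
#!/bin/bash
# Added example: ID selection as described for id_choice / unique_id / end_id.
# Not the recipe's own code; function names are hypothetical.
# used_ids is a space-separated list of UniqueIDs already taken. On macOS it can
# be collected with:  dscl . -list /Users UniqueID | awk '{print $2}'

is_uint() {  # true for a plain non-negative integer without leading zeros
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
        *) return 0 ;;
    esac
}

id_in_use() {  # id_in_use <id> <used_ids>
    for used in $2; do
        [ "$used" = "$1" ] && return 0
    done
    return 1
}

choose_uid() {  # choose_uid <id_choice> <unique_id> <end_id> <used_ids>
    id_choice=$1; unique_id=$2; end_id=$3; used_ids=$4
    is_uint "$unique_id" || { echo "unique_id must be numeric" >&2; return 1; }
    case "$id_choice" in
        static_id)  # one preset value: fail if it is already taken
            if id_in_use "$unique_id" "$used_ids"; then
                echo "ID $unique_id is already in use" >&2; return 1
            fi
            echo "$unique_id" ;;
        next_id)    # first free value in unique_id..end_id (inclusive: assumption)
            is_uint "$end_id" || { echo "end_id must be numeric" >&2; return 1; }
            candidate=$unique_id
            while [ "$candidate" -le "$end_id" ]; do
                if ! id_in_use "$candidate" "$used_ids"; then
                    echo "$candidate"; return 0
                fi
                candidate=$((candidate + 1))
            done
            echo "no free ID between $unique_id and $end_id" >&2; return 1 ;;
        *)
            echo "id_choice must be static_id or next_id" >&2; return 1 ;;
    esac
}

# Constructed sample: a device whose local accounts hold IDs 501, 502 and 503.
SAMPLE_USED="501 502 503"
choose_uid next_id 501 600 "$SAMPLE_USED"
```

Validating the numeric inputs before the loop keeps a mistyped Environment Variable from turning into an unintended ID.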