How to Create Local User Accounts on macOS 10.15+

Description

Provided is a scripted recipe to create a local user account on macOS devices associated with the below Fileset.  Options allow for creating:

Other values may be specified.

Information

Requirements are:

Customised values are set with the use of Environment Variables.  Settings within the downloaded recipe are:

Customisation includes:

'id_choice'

This option states whether the ID to be used will be solely one preset value or whether a range of values should be tried, in which case the first available value will be attempted.

static_id

When set as 'static_id', the value set in 'unique_id' will be used as the user's ID.  If this value is already in use, the script will exit with an error.

next_id

When set as 'next_id', a range of values will be tested starting at 'unique_id' and ending with 'end_id'.  The first available value found will be used. If none are found the script will exit with an error.

'username'

This is the short name of the user.  If the name already exists on the device, the script will exit with an error.

'islocaladmin'

If set as TRUE, the new user will be added as an administrator of the device.

'is_hidden'

If set as TRUE, the new user will be hidden.

'enable_secure_token'

If set as TRUE, the new user will be enabled as a secure token user.  This option requires the following values to also be set: admin_user and admin_password.

Other

All other values should be edited as desired.

Directions

To create a user:

Example

Consider a device that already has 3 local accounts, with user IDs 501, 502, 503.  Settings could then be either:

or may look something like:

In the first instance, ID 504 will be attempted.  This is useful if all devices are the same and it is considered desirable that all users of this name have the same ID on each device.

In the second instance, 501 will be tested first, then 502 and 503, until 504 is reached, found to be free, and then attempted.  This option is particularly useful where an unknown number of user accounts may exist on each device and the user's ID is not considered important.

Considering this example with all other settings as default, the following account should be created:

NFSHomeDirectory: /Users/fwadmin
PrimaryGroupID: 20
RealName:
 FileWave Admin
RecordName: fwadmin
UniqueID: 504
UserShell: /bin/zsh

Additionally, the user will be a local admin, but the account will not be set as hidden.
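
The ID selection described under 'id_choice', written out as an added shell example (it is not the code of the downloadable recipe). The function names pick_uid, id_in_use and is_number are hypothetical, the in-use IDs 501 to 503 are the ones from the example above, and the end_id of 510 is a constructed value.

```shell
#!/bin/sh
# Added example. On a Mac the in-use IDs would come from:
#   dscl . -list /Users UniqueID | awk '{print $2}'
# They are passed in as a list here so the logic runs on any POSIX shell.

# is_number VALUE: succeeds only for a non-empty string of digits
is_number() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# id_in_use ID "LIST": succeeds if ID is in the whitespace-separated LIST
id_in_use() {
    for used in $2; do [ "$used" = "$1" ] && return 0; done
    return 1
}

# pick_uid ID_CHOICE UNIQUE_ID END_ID "USED_IDS"
# Prints the chosen ID; otherwise returns non-zero with a message on stderr.
pick_uid() {
    id_choice=$1 unique_id=$2 end_id=$3 used_ids=$4
    is_number "$unique_id" || { echo "unique_id must be numeric" >&2; return 2; }
    case "$id_choice" in
    static_id)
        # One preset value only: a collision is an error, never a fallback.
        if id_in_use "$unique_id" "$used_ids"; then
            echo "ID $unique_id is already in use" >&2; return 1
        fi
        echo "$unique_id" ;;
    next_id)
        # Walk unique_id..end_id and take the first value not in use.
        is_number "$end_id" || { echo "end_id must be numeric" >&2; return 2; }
        candidate=$unique_id
        while [ "$candidate" -le "$end_id" ]; do
            if ! id_in_use "$candidate" "$used_ids"; then
                echo "$candidate"; return 0
            fi
            candidate=$((candidate + 1))
        done
        echo "no free ID between $unique_id and $end_id" >&2; return 1 ;;
    *)
        echo "unknown id_choice: $id_choice" >&2; return 2 ;;
    esac
}

USED_IDS="501 502 503"                  # constructed: the three existing accounts
pick_uid static_id 504 510 "$USED_IDS"  # first instance
pick_uid next_id   501 510 "$USED_IDS"  # second instance (end_id 510 is assumed)
```

Refusing an ID that is already taken matters because two accounts with the same UniqueID are treated as the same owner for file permissions.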


Revision #2
Created 14 July 2023 20:05:25 by Josh Levitsky
Updated 31 October 2023 13:34:35 by Sean Holden