How to Create Local User Accounts on macOS 10.15+
Description
Provided is a scripted recipe to create a local user account on macOS devices associated with the below Fileset. Options allow for creating:
- Admin or standard accounts
- Hidden or visible accounts
Other values may be specified.
Information
Requirements are:
- 'Create macOS user' Fileset - Create macOS User.fileset.zip
- Some consideration regarding user name, password and ID numbers
Customised values are set with the use of Environment Variables. Settings within the downloaded recipe are:
Customisation includes:
- username - unix shortname (no spaces)
- realname - long display name
- password - user's password
- group_id - user's primary group id
- shell_type - e.g. /bin/bash, /bin/zsh
- islocaladmin - set user to be a local admin TRUE/FALSE
- is_hidden - set user to be an invisible account TRUE/FALSE
- id_choice - set to be a dedicated value [static_id] or find next available value [next_id]
- unique_id - either the ID to use when id_choice is static_id or the beginning ID of a range of IDs to attempt when id_choice is set to next_id
- end_id - for next_id, the end value of the range of IDs to test; if this value is reached, the script will exit 1
- enable_secure_token - enable secure token for the new user TRUE/FALSE
- admin_user - short name of a local administrator (only required if enable_secure_token is set as TRUE)
- admin_password - password of admin_user (only required if enable_secure_token is set as TRUE)
'id_choice'
This option states whether the ID to be used will be solely one preset value or whether a range of values should be tested, in which case the first available ID will be attempted.
static_id |
When set |
next_id |
When set |
'username'
This is the short name of the user. If the name already exists on the device, the script will exit with an error.
'islocaladmin'
If set as TRUE, the new user will be added as a local administrator of the device.
'is_hidden'
If set as TRUE, the new user will be hidden.
'enable_secure_token'
If set as TRUE, the new user will be enabled as a secure token user. This option requires the following values to also be set: admin_user and admin_password.
Other
All other values should be edited as desired.
Directions
To create a user:
- Download the above Fileset and import into FileWave
- Edit the Environment Variables as required
- Associate and Update Model to test devices
- Once tested, associate to a greater quantity of devices or to all devices.
Example
Consider a device that already has 3 local accounts, with user IDs 501, 502, 503. Settings could then be either:
- Variable: id_choice
- Value: static_id
- Variable: unique_id
- Value: 504
or may look something like:
- Variable: id_choice
- Value: next_id
- Variable: unique_id
- Value: 501
- Variable: end_id
- Value: 600
In the first instance, ID 504 will be attempted. This is useful if all devices are the same and it is considered desirable that all users of this name have the same ID on each device.
In the second instance, 501 will be tested first, then 502 and 503; 504 will then be reached, found to be free, and attempted. This option is particularly useful where an unknown quantity of user accounts may exist on each device and the user's ID is not considered important.
Considering this example with all other settings as default, the following account should be created:
NFSHomeDirectory: /Users/fwadmin
PrimaryGroupID: 20
RealName:
FileWave Admin
RecordName: fwadmin
UniqueID: 504
UserShell: /bin/zsh
Additionally, the user will be a local Admin, but the account will not be set as hidden.
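The ID selection described for id_choice, unique_id and end_id can be sketched as below. This is an added example, not the script shipped in the Fileset: pick_unique_id is a hypothetical helper, the sample IDs are constructed, and two behaviours are assumptions (a static_id that is already taken is rejected, and end_id itself is not tried).

```shell
#!/bin/bash
# pick_unique_id: hypothetical helper, not taken from the Fileset's script.
# Usage: pick_unique_id <id_choice> <unique_id> <end_id>, used IDs on stdin.
# On a Mac the used IDs would come from:
#   dscl . -list /Users UniqueID | awk '{print $2}'
pick_unique_id() {
    local id_choice="$1" candidate="$2" end_id="$3" used
    # Flatten stdin to " 501 502 503 " so that a whole-number match is a
    # simple substring test (50 must not match 501).
    used=" $(tr -s '[:space:]' ' ') "
    case $candidate in
        ''|*[!0-9]*) echo "unique_id must be numeric" >&2; return 1 ;;
    esac
    case $id_choice in
    static_id)
        # Assumption: a preset ID already in use is an error, because two
        # accounts sharing one UniqueID also share file ownership.
        case $used in
            *" $candidate "*) echo "ID $candidate in use" >&2; return 1 ;;
        esac
        echo "$candidate"
        ;;
    next_id)
        case $end_id in
            ''|*[!0-9]*) echo "end_id must be numeric" >&2; return 1 ;;
        esac
        # Assumption: end_id is not tried; reaching it is the failure case.
        while [ "$candidate" -lt "$end_id" ]; do
            case $used in
                *" $candidate "*) candidate=$((candidate + 1)) ;;
                *) echo "$candidate"; return 0 ;;
            esac
        done
        echo "no free ID before $end_id" >&2
        return 1
        ;;
    *)
        echo "id_choice must be static_id or next_id" >&2
        return 1
        ;;
    esac
}

# Constructed sample: the three existing accounts from the example above.
existing_ids="501 502 503"
printf 'static_id 504    -> %s\n' "$(echo "$existing_ids" | pick_unique_id static_id 504 '')"
printf 'next_id 501..600 -> %s\n' "$(echo "$existing_ids" | pick_unique_id next_id 501 600)"
```

Both sample calls select 504, matching the UniqueID shown in the account record above.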