jeff-j of osxroot
6/19/2015 - 2:16 PM

Creates a hidden local admin account on OS X (10.6–10.10). Can be pushed via Meraki (MDM); must be run as root.


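#!/bin/bash
#
# create_hidden_local_admin.sh
#
# Creates (or deletes) a hidden local administrator account in the local
# directory service (dscl). Compatible with 10.6 - 10.10 (tested range); the
# IsHidden step at the end is applied on 10.10 and later.
#
# usage
# Create a localadmin account with name/id set in script (or in the environment)
#     create_hidden_local_admin.sh
# Delete account $HIDDEN_USER variable
#     create_hidden_local_admin.sh delete
# Delete account named "otheradmin"
#     create_hidden_local_admin.sh delete otheradmin
#
# SECURITY NOTES (review)
# - A hidden admin account with a shared password is the same thing an
#   attacker plants for persistence. Keep an inventory of the hosts this is
#   deployed to and audit for it, e.g. `dscl . -list /Users UniqueID` to list
#   accounts with UID < 500 and `dscl . -read /Users/<name> IsHidden`.
# - Do not commit a real password into this file. Leave HIDDEN_PASS at the
#   placeholder and supply the value through the environment of the deployment
#   tool; the script refuses to create an account with the placeholder password.
# - `dscl -passwd` takes the password as a command-line argument, so it is
#   visible in `ps` output on the host while that command runs.
# - Hide500Users hides every account with a UID below 500 from the login
#   window, not only the one created here.
# - `delete` removes the user record and its admin-group membership but leaves
#   the home directory under /var in place.
#
# REFERENCE LINKS:
# - http://support.apple.com/kb/HT5017
# - http://web.rebootcs.com/hints/10-apple/37-create-hidden-account
# - http://community.centrify.com/t5/The-Centrify-Apple-Guys/How-to-create-a-Hidden-Local-Admin-account-on-Mac-systems-Redux/ba-p/14649

# Todo
# 1. if username available but ID is taken - try next userid

# ****************************************************************************
# *** Edit this to your own preferences **************************************
# Each value may also be overridden from the environment without editing
# this file (the defaults below are unchanged from the original script).

HIDDEN_USER="${HIDDEN_USER:-localadmin}"
HIDDEN_PASS="${HIDDEN_PASS:-secretpass-changeme}"
HIDDEN_UID="${HIDDEN_UID:-401}"
HIDDEN_NAME="${HIDDEN_NAME:-Local Admin}"


#***************************************************************************
# Do not edit below this line
#***************************************************************************

set -u

# The shipped placeholder password; an account must never be created with it.
readonly PASS_PLACEHOLDER='secretpass-changeme'

# die MESSAGE... - print MESSAGE to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# rollback MESSAGE... - undo a partially created account, then die.
# Removes the user record and any admin-group membership added for it; errors
# from the cleanup itself are ignored because the record may not exist yet.
rollback() {
  dscl . -delete "/Users/$HIDDEN_USER" 2>/dev/null
  dscl . -delete /Groups/admin GroupMembership "$HIDDEN_USER" 2>/dev/null
  die "$*"
}

echo

# Everything below writes to the local directory service, so root is required.
# Exit non-zero so an MDM push reports the failure instead of "success".
if [[ "$(id -u)" -ne 0 ]]; then
  die "$(basename "$0") must be run as root user."
fi

if [[ "${1-}" == delete ]]; then
  [[ -n "${2-}" ]] && HIDDEN_USER="$2"
  # Refuse an empty name (would target /Users/), a path (would target another
  # dscl node) and root.
  if [[ -z "$HIDDEN_USER" || "$HIDDEN_USER" == */* || "$HIDDEN_USER" == root ]]; then
    die "Refusing to delete '$HIDDEN_USER'"
  fi
  if dscl . -delete "/Users/$HIDDEN_USER" 2>/dev/null; then
    # Deleting the user record does not remove the name from the admin group's
    # GroupMembership list; a future account created with the same name would
    # otherwise inherit admin rights.
    dscl . -delete /Groups/admin GroupMembership "$HIDDEN_USER" 2>/dev/null
    echo "Deleted $HIDDEN_USER"
    echo "Note: the home directory /var/$HIDDEN_USER (if present) was left in place"
  else
    echo "User $HIDDEN_USER does not exist"
  fi
  echo
  exit 0
fi

# Input validation for the create path.
if [[ "$HIDDEN_PASS" == "$PASS_PLACEHOLDER" ]]; then
  die "HIDDEN_PASS is still the placeholder value; set a real password (e.g. via the environment) before running"
fi
if [[ -z "$HIDDEN_USER" || "$HIDDEN_USER" == */* ]]; then
  die "Invalid user name '$HIDDEN_USER'"
fi
if [[ ! "$HIDDEN_UID" =~ ^[0-9]+$ ]]; then
  die "HIDDEN_UID must be numeric, got '$HIDDEN_UID'"
fi

if id "$HIDDEN_USER" &>/dev/null; then
  echo "User:$HIDDEN_USER already exists"
  echo
  exit 1
fi

# `dscl . -list /Users UniqueID` prints one "name uid" pair per record; match
# the requested UID in column 2. (A bare "$HIDDEN_UID" test would try to run
# the number as a command and never fire.)
if dscl . -list /Users UniqueID | awk -v uid="$HIDDEN_UID" '$2 == uid { found = 1 } END { exit !found }'; then
  echo "ID:$HIDDEN_UID already exists"
  echo
  exit 1
fi

# Hide500Users only hides accounts below UID 500.
if (( HIDDEN_UID >= 500 )); then
  echo "Warning: UID $HIDDEN_UID is not below 500; Hide500Users will not hide it from the login window" >&2
fi


echo "Creating"
echo "User: $HIDDEN_USER"
echo "ID: $HIDDEN_UID"


HIDDEN_HOME="/var/$HIDDEN_USER"

# "major.minor" of the running OS, e.g. 10.10
vers=$(sw_vers -productVersion | cut -f1,2 -d.)

# 1. Create the new account

dscl . -create "/Users/$HIDDEN_USER" UniqueID "$HIDDEN_UID" || die "Failed to create /Users/$HIDDEN_USER"
dscl . -create "/Users/$HIDDEN_USER" PrimaryGroupID 20 || rollback "Failed to set PrimaryGroupID for $HIDDEN_USER"
dscl . -create "/Users/$HIDDEN_USER" NFSHomeDirectory "$HIDDEN_HOME" || rollback "Failed to set NFSHomeDirectory for $HIDDEN_USER"
dscl . -create "/Users/$HIDDEN_USER" UserShell /bin/bash || rollback "Failed to set UserShell for $HIDDEN_USER"
dscl . -create "/Users/$HIDDEN_USER" RealName "$HIDDEN_NAME" || rollback "Failed to set RealName for $HIDDEN_USER"

# 2. Set the password for the new account
# The password is an argv element here and is visible to `ps` while dscl runs.
# If this fails the record is removed so no password-less account is left behind.

dscl . -passwd "/Users/$HIDDEN_USER" "$HIDDEN_PASS" || rollback "Failed to set password for $HIDDEN_USER"

# 3. Create the home folder and own it to the new account

if [[ -d "$HIDDEN_HOME" ]]; then
  echo "Home: $HIDDEN_HOME already exists"
else
  mkdir "$HIDDEN_HOME" || rollback "Failed to create home: $HIDDEN_HOME"
  # Only restrict a directory this script created; a pre-existing one is left as is.
  chmod 700 "$HIDDEN_HOME"
  echo "Created home: $HIDDEN_HOME"
fi
# Group 20 matches the PrimaryGroupID set above.
chown -R "$HIDDEN_USER":20 "$HIDDEN_HOME" || rollback "Failed to chown $HIDDEN_HOME"

# 4. Add the user into the Local Admin group

dscl . -append /Groups/admin GroupMembership "$HIDDEN_USER" || rollback "Failed to add $HIDDEN_USER to the admin group"

# 5. Enable the Hide500Users attribute

defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

# 6. Make sure the "Others" option is always shown at the login window (If using "List of Users" option)

defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool TRUE


# 10.10 (Yosemite) and later: IsHidden is the per-account hide flag, so apply
# it on every release from 10.10 up rather than on exactly 10.10.
major=${vers%%.*}
minor=${vers#*.}
minor=${minor%%.*}
if (( major > 10 || (major == 10 && minor >= 10) )); then
  echo "IsHidden options applied (OS $vers)"
  dscl . -create "/Users/$HIDDEN_USER" IsHidden 1 || rollback "Failed to set IsHidden for $HIDDEN_USER"
  # Best effort: the share point only exists if file sharing created one.
  dscl . -delete "/SharePoints/$HIDDEN_USER's Public Folder" &>/dev/null
fi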