We have approx. 400 Macs on our campus, and the problem is they were not all set up identically. There are at least 4 different admin username and password variations.

What I'd like to have is a script that will:

1) Check to see what the local admin account(s) is called. 2) If the account isn't named properly, create a new one with the proper name. 3) Set the proper password. (Preferably it'd be obfuscated in the script)

I found on StackExchange this script, but it doesn't exactly do what I need.

#!/bin/sh
./etc/rc.common
 dscl . create /Users/administrator
 dscl . create /Users/administrator RealName"Administrator Account" 
dscl . create /Users/administrator hint "Password Hint" 
dscl . create /Users/administrator picture "/Path/To/Picture.png" 
dscl . passwd /Users/administrator thisistheaccountpassword 
dscl . create /Users/administrator UniqueID501 
dscl . create /Users/administrator PrimaryGroupID80 
dscl . create /Users/administrator UserShell/bin/bash 
dscl . create /Users/administrator NFSHomeDirectory/Users/administrator 
cp -R /System/Library/User\ Template/English.lproj /Users/administrator chown -R administrator:staff /Users/administrator
 
Another suggestion was to use to get next proper id number.
LastID=`dscl . -list /Users UniqueID | awk '{print $2}' | sort -n | tail -1`NextID=$((LastID+1))
4 Comments   [ + ] Show Comments

Comments

  • You might want to check out the MacEnterprise mailing list:

    http://www.macenterprise.org/mailing-list

    You can check the archives first but I don't remember seeing anyone post about this recently.
  • This is what I came up with:


    #!/bin/bash
    # This script will first check existing accounts for presence of USERNAME or admin or administrator
    # If found, it will change the password to PASSWORD
    # If none are found, it will run the package create_USERNAME-1.0.pkg which creates an account with Full Name = Administrator, Account Name
    # (short name) USERNAME with the password.


    function checkusername () {

    local test1=$(dscl . -list /Users | grep -i USERNAME)
    local test2=$(dscl . -list /Users | grep -i admin)
    local test3=$(dscl . -list /Users | grep -i Administrator)

    if [ "$test1" = “username†]; then
    echo the username username already exists
    echo setting password
    dscl . passwd /Users/username PASSWORD
    exit
    else
    echo
    fi

    if [ "$test1" = "Username" ]; then
    echo the username Username already exists
    echo setting password
    dscl . passwd /Users/Username PASSWORD
    exit
    else
    echo
    fi

    if [ "$test1" = “UserName†]; then
    echo the username UserName already exists
    echo setting password
    dscl . passwd /Users/UserName PASSWORD
    exit
    else
    echo
    fi

    if [ "$test2" = "admin" ]; then
    echo the username admin already exists
    echo setting password
    dscl . passwd /Users/admin PASSWORD
    exit
    else
    echo
    fi

    if [ "$test2" = "Admin" ]; then
    echo the username Admin already exists
    echo setting password
    dscl . passwd /Users/Admin PASSWORD
    exit
    else
    echo
    fi

    if [ "$test3" = "Administrator" ]; then
    echo the username Administrator already exists
    echo setting password
    dscl . passwd /Users/Administrator PASSWORD
    exit
    else
    echo
    fi

    if [ "$test3" = "administrator" ]; then
    echo the username administrator already exists
    echo setting password
    dscl . passwd /Users/administrator PASSWORD
    exit
    else
    echo
    fi

    }

    checkusername

    /usr/sbin/installer -pkg 'create_USERNAME-1.0.pkg' -target /
  • I don't know how to hide/encrypt the passwords though. Also, I'm sure someone way better than I am at scripting could come up with a more elegant solution for checking multiple capitalization variations.
  • Oh, and I'm using this: http://magervalp.github.io/CreateUserPkg/
Please log in to comment

Answers

0

we change the password for our user with this script

dscl . -passwd /Users/admin oldpassword newpassword

Answered 12/05/2013 by: SMal.tmcc
Red Belt

Please log in to comment
This content is currently hidden from public view.
Reason: Member has been banned from the site
For more information, visit our FAQ's.

Answer this question or Comment on this question for clarity