
How do I create a script to create/modify local admin accounts?

We have approx. 400 Macs on our campus, and the problem is they were not all set up identically. There are at least 4 different admin username and password variations.

What I'd like to have is a script that will:

1) Check to see what the local admin account(s) is called.
2) If the account isn't named properly, create a new one with the proper name.
3) Set the proper password. (Preferably it'd be obfuscated in the script)

I found on StackExchange this script, but it doesn't exactly do what I need.

#!/bin/sh
. /etc/rc.common
# Create the user record, then fill in its attributes one by one
dscl . create /Users/administrator
dscl . create /Users/administrator RealName "Administrator Account"
dscl . create /Users/administrator hint "Password Hint"
dscl . create /Users/administrator picture "/Path/To/Picture.png"
# The password is stored in clear text in this script
dscl . passwd /Users/administrator thisistheaccountpassword
# UniqueID must not already be in use on the machine
dscl . create /Users/administrator UniqueID 501
# Group 80 is the local admin group
dscl . create /Users/administrator PrimaryGroupID 80
dscl . create /Users/administrator UserShell /bin/bash
dscl . create /Users/administrator NFSHomeDirectory /Users/administrator
# Populate the home directory from the user template and hand it to the new account
cp -R /System/Library/User\ Template/English.lproj /Users/administrator
chown -R administrator:staff /Users/administrator
 
Another suggestion was to use this to get the next proper ID number:
LastID=`dscl . -list /Users UniqueID | awk '{print $2}' | sort -n | tail -1`
NextID=$((LastID+1))

4 Comments
  • You might want to check out the MacEnterprise mailing list:

    http://www.macenterprise.org/mailing-list

    You can check the archives first but I don't remember seeing anyone post about this recently. - chucksteel 10 years ago
  • This is what I came up with:


    #!/bin/bash
    # This script will first check existing accounts for presence of USERNAME or admin or administrator
    # If found, it will change the password to PASSWORD
    # If none are found, it will run the package create_USERNAME-1.0.pkg which creates an account with Full Name = Administrator, Account Name
    # (short name) USERNAME with the password.


    function checkusername () {

    local test1=$(dscl . -list /Users | grep -i USERNAME)
    local test2=$(dscl . -list /Users | grep -i admin)
    local test3=$(dscl . -list /Users | grep -i Administrator)

    if [ "$test1" = "username" ]; then
    echo the username username already exists
    echo setting password
    dscl . passwd /Users/username PASSWORD
    exit
    else
    echo
    fi

    if [ "$test1" = "Username" ]; then
    echo the username Username already exists
    echo setting password
    dscl . passwd /Users/Username PASSWORD
    exit
    else
    echo
    fi

    if [ "$test1" = "UserName" ]; then
    echo the username UserName already exists
    echo setting password
    dscl . passwd /Users/UserName PASSWORD
    exit
    else
    echo
    fi

    if [ "$test2" = "admin" ]; then
    echo the username admin already exists
    echo setting password
    dscl . passwd /Users/admin PASSWORD
    exit
    else
    echo
    fi

    if [ "$test2" = "Admin" ]; then
    echo the username Admin already exists
    echo setting password
    dscl . passwd /Users/Admin PASSWORD
    exit
    else
    echo
    fi

    if [ "$test3" = "Administrator" ]; then
    echo the username Administrator already exists
    echo setting password
    dscl . passwd /Users/Administrator PASSWORD
    exit
    else
    echo
    fi

    if [ "$test3" = "administrator" ]; then
    echo the username administrator already exists
    echo setting password
    dscl . passwd /Users/administrator PASSWORD
    exit
    else
    echo
    fi

    }

    checkusername

    /usr/sbin/installer -pkg 'create_USERNAME-1.0.pkg' -target /

    - jtremblay 10 years ago
  • I don't know how to hide/encrypt the passwords though. Also, I'm sure someone way better than I am at scripting could come up with a more elegant solution for checking multiple capitalization variations. - jtremblay 10 years ago
  • Oh, and I'm using this: http://magervalp.github.io/CreateUserPkg/ - jtremblay 10 years ago
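
One way to handle the capitalization variants and keep the password out of the script body, as an added example that is not part of the original thread. The target name `localadmin`, the candidate list and the root-only secret file are assumptions; the `dscl` calls and the `create_USERNAME-1.0.pkg` installer line are the ones used in the comments above.

```shell
#!/bin/bash
# Added example. TARGET, the candidate names and the secret-file argument are
# assumptions; dscl and installer are only called with --apply on a Mac.
TARGET="localadmin"
CANDIDATES="$TARGET admin administrator"

# Filter the account list on stdin down to names equal to a candidate,
# ignoring case. -x matches whole lines, so "Admin" passes while "_lpadmin"
# or "sysadmin" (which a bare `grep -i admin` would catch) do not.
match_admin_accounts() {
    grep -i -x -F -e "$(printf '%s\n' $CANDIDATES)"
}

# Print "passwd <name>" per matching account, or "create <TARGET>" if none.
plan() {
    local found
    found=$(match_admin_accounts) || found=""
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/passwd /'
    else
        echo "create $TARGET"
    fi
}

# Read the password from a file (root-owned, mode 600) that is delivered
# separately from the script. Fails if group or others have any access.
read_secret() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 1
    head -n 1 "$1"
}

apply() {
    local pw action name
    pw=$(read_secret "$1") || { echo "refusing secret file: $1" >&2; return 1; }
    dscl . -list /Users | plan | while read -r action name; do
        case "$action" in
            # The password is a command-line argument here, so it is briefly
            # visible in the process list while dscl runs.
            passwd) dscl . -passwd "/Users/$name" "$pw" ;;
            create) /usr/sbin/installer -pkg 'create_USERNAME-1.0.pkg' -target / ;;
        esac
    done
}

if [ "${1:-}" = "--apply" ]; then
    apply "$2"
else
    # Constructed sample account list, to preview the decisions offline.
    printf '%s\n' root daemon _lpadmin Admin jsmith | plan
fi
```

Run without arguments it only prints the plan for the constructed list; `--apply /path/to/secretfile` as root performs the changes.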

Answers (1)

Posted by: SMal.tmcc 10 years ago
Red Belt
0

We change the password for our user with this script:

dscl . -passwd /Users/admin oldpassword newpassword

 