Help

Trying to unify management accounts

Go to solution
cwaldrip
Valued Contributor

Posted on ‎04-07-2015 09:10 PM

At the start of our deployment we used Recon and scanned for machines on our numerous subnets and collected about 3/5th of the machines. They were all added using one of a number of possible local admin accounts, which became their management accounts.

Now we're trying to get them all to use the same management account.

My first thought was to push a new QuickAdd.pkg, with the management account we want on all the machines, to all the machines that don't have the account already. Easy enough, you'd think.

Instead of the management account being hidden though, it's plainly visible with a UID in the 500's (whatever the next number was).

Sigh.

Any suggestions? Is this possibly a bug? Doing this is a bit unusual I'll agree.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
psliequ
Contributor III

Posted on ‎04-08-2015 04:11 AM

I might also suggest creating a new account with CreateUserPkg
which allows you to easily specify a low uid and hidden homedir if you're not yet fully at 10.10.

You can then perform a full inventory search in the JSS and change the management account for everyone under the Action button.

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
damienbarrett
Valued Contributor

Posted on ‎04-08-2015 03:42 AM

I've had unpredictable behaviour with hiding management accounts in 10.10 unless I follow these instructions:

https://derflounder.wordpress.com/2014/12/31/hiding-user-accounts-in-yosemite/

You could easily script this to run after the QuickAdd package.

0 Kudos

Go to solution
psliequ
Contributor III

Posted on ‎04-08-2015 04:11 AM

I might also suggest creating a new account with CreateUserPkg
which allows you to easily specify a low uid and hidden homedir if you're not yet fully at 10.10.

You can then perform a full inventory search in the JSS and change the management account for everyone under the Action button.

0 Kudos

Go to solution
cwaldrip
Valued Contributor

Posted on ‎04-08-2015 06:31 AM

@damienbarrett I should have thought to check Der Flounder first. heading there now.

@psliequ I'll look at this too.

0 Kudos

Go to solution
cwaldrip
Valued Contributor

Posted on ‎04-08-2015 06:46 AM

@psliequ Looks like i'm going to go your way. Add a new CreateUserPkg hidden account and then change the management account.

Luckily we haven't really started deploying Yosemite yet. Is there a known issue with CreateUserPkg and 10.10?

0 Kudos

Go to solution
psliequ
Contributor III

Posted on ‎04-17-2015 03:52 AM

@cwaldrip, not that I'm aware of, though I haven't used it since 10.10.3 was released.

0 Kudos