Help

Create hidden management account via Configuration fails on 10.8

GeorgeCasper
New Contributor III

Posted on ‎08-22-2012 10:55 AM

Hello!

I'm using Casper Suite 8.6, and have been unable to successfully create a hidden admin account on a 2012 10.8 machine. I've created a Configuration in Admin that attempts to do nothing more than create a management account and hide it. When I attempt to install it from a 2011 10.7.4 machine via Imaging over a Thunderbolt connection, it appears as if the installation runs successfully. However, I can't log in with that account. Booting my 10.8 machine in superuser mode reveals something interesting - it looks like an account was created in /var/.home/adminaccount, but actually using the su command to switch to that user fails with an error: "unknown login"

Thinking initially that I had just fat-fingered the password, I tried running the Imaging process on the machine again. This time, it hangs during "Creating jamfHelper: Creating First run Enroll Script" step.

I wiped the drive, booted from the restore partition, restored the machine, and tried again, with the same results as before.

Can anyone suggest what I might try differently, or have I discovered a bug?

0 Kudos
7 REPLIES 7

Matt
Valued Contributor

Posted on ‎08-22-2012 11:20 AM

I have issues with my admin accounts package working via Thunderbolt or Firewire but once I do it from NetBoot or USB sticks it works perfectly. Basically I just package my users and push it At-Reboot.

0 Kudos

Matt
Valued Contributor

Posted on ‎08-22-2012 12:19 PM 

#!/bin/sh

# Service Account Creation

# Creating Service Account
/usr/sbin/jamf createAccount -username "yourusername" -realname "yourrealname" -password "yourpassword" -home /private/var/youruser -shell "/bin/bash" -hiddenUser

sleep 15

# Hiding Users
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

exit 0      ## Success
exit 1      ## Failure

As a postinstall script.

0 Kudos

GeorgeCasper
New Contributor III

Posted on ‎08-24-2012 07:16 AM

As you observed, it does seem to install the account properly if you boot the machine from USB (though it seems like 10.8, like 10.7, is AGONIZINGLY SLOW when booted via USB).

I'll give your script a try, since with USB working so poorly, it isn't a good choice for us, and NetBoot isn't particularly viable in our environment, either.

0 Kudos

PeterClarke
Contributor II

Posted on ‎08-24-2012 07:26 AM

Also TRY using a decent USB Stick – Some are much faster then others…
– The cheap ones can be very slow…

But that's always going to be a slow-ish method (DVD is slow)…

Also - for some models - you could try a Compact Flash card – (You know - That little slot on the side of the CPU) – Has any one tried that ? – It's one of the things I was going to test - but haven't got around to…

0 Kudos

PeterClarke
Contributor II

Posted on ‎08-25-2012 09:02 AM

Sorry forgot to say – the Compact Flash cards can be MUCH Faster then USB memory sticks - but not all machines can use them - unlike USB.

– Also I haven't tried this myself – so I am not 100% sure if you can boot off of them… – They would certainly need to be reformatted to be used in this way

0 Kudos

jhbush
Valued Contributor II

Posted on ‎08-25-2012 11:49 AM

I've kinda become partial to this utility as of late.
https://github.com/MagerValp/CreateUserPkg

0 Kudos

nkalister
Valued Contributor

Posted on ‎08-27-2012 08:17 PM

I've kinda become partial to this utility as of late. https://github.com/MagerValp/CreateUserPkg

I'm a big fan of Per's method as well.

0 Kudos