Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Script to login as Guest

Hello, I've been asked to push a script to select Macs that causes them to automatically login to the guest account.

I've got a working script (below) to write to the necessary keys. However I've run into a really weird case where System Preferences shows the guest account is enabled and selected for auto login, however when I reboot I land at the login screen. I'm testing on a MacBook Air 13" that I internet recover between tests.

Any Ideas?

printf "$appName $(date): Enabling guest account... \n"
sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool true
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool true
printf "$appName $(date): Done. \n"

printf "$appName $(date): Setting Guest account to auto-login\n" 
defaults write "/Library/Preferences/com.apple.loginwindow" GuestEnabled -bool true
defaults write "/Library/Preferences/com.apple.loginwindow" autoLoginUser "Guest"
chmod 644 "/Library/Preferences/com.apple.loginwindow.plist"
printf "$appName $(date): Done.\n"

external image link
external image link

Like Comment
Order by:
SOLVED Posted: 2/14/14 at 4:16 PM by franton

Do you have MCX/config profile that sets the username/password login box? That may be interfering.

Like
SOLVED Posted: 2/14/14 at 4:56 PM by Sonic84

I have MDM profiles in production that enforces username/password and disabled the guest account. The end goal is to push this script to a group of systems that I've removed MDM from, however my lab system does not have any MDM/MCX. In fact my lab system has not been hooked to Casper or AD.

Like
SOLVED Posted: 6/9/14 at 6:18 PM by mcrispin

Have you made any progress on this? I would be grateful if you might be able to share your eventual solution.

Like
SOLVED Posted: 6/10/14 at 2:32 AM by fulm

We use "Guest Accounts" with our Library computers. We just send out a script to activate "Guest" and set login screen to just show Guest user. We don't want autologin because every user should get a fresh Guest account to work with. For which reason will you need the guest Account?

The script we use to enable "Guest":

#!/bin/bash
#Create Guest Account in the DS Local Node
dscl . -create /Users/Guest
dscl . -create /Users/Guest dsAttrTypeNative:_defaultLanguage en
dscl . -create /Users/Guest dsAttrTypeNative:_guest true
dscl . -create /Users/Guest dsAttrTypeNative:_writers_defaultLanguage Guest
dscl . -create /Users/Guest dsAttrTypeNative:_writers_LinkedIdentity Guest
dscl . -create /Users/Guest dsAttrTypeNative:_writers_UserCertificate Guest
dscl . -create /Users/Guest AuthenticationHint ''
dscl . -create /Users/Guest NFSHomeDirectory /Users/Guest
dscl . -passwd /Users/Guest ''
dscl . -create /Users/Guest Picture "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/UserIcon.icns"
dscl . -create /Users/Guest PrimaryGroupID 201
dscl . -create /Users/Guest RealName "Guest User"
dscl . -create /Users/Guest RecordName Guest
dscl . -create /Users/Guest UniqueID 201
dscl . -create /Users/Guest UserShell /bin/bash

#Create Keychain item  for Guest
security add-generic-password -a Guest -s com.apple.loginwindow.guest-account -D "application password" /Library/Keychains/System.keychain

#Enable Guest Account
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool TRUE

as well, you will need to make guest able to login

#!/bin/bash 

defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool true
defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool true

Hope that helps a little bit.

Cheers!

Like
SOLVED Posted: 6/15/14 at 1:10 AM by mcrispin

This is for non-bound laptops being used by primary school children \- your solution would be just fine, perhaps I am automating too much.

If it matters, Rich Trouton (as always) has a unique solution I've considered as it gets around some interesting issues:

http://derflounder.wordpress.com/2013/12/29/creating-custom-guest-users-on-os-x/

Like
SOLVED Posted: 3/3/15 at 8:55 AM by jens.muehlenberg

Creating the Guest User works fine. But now I'm having trouble with the keychain on my Guest User Account when I open up Safari. It says that the password has changed and I need to set a new password for keychain.

It works when I remove the following line: security add-generic-password -a Guest -s com.apple.loginwindow.guest-account -D "application password" /Library/Keychains/System.keychain

But then I need to login with password on my Guest User Account. When I hit Enter (no Password) it logs in.

Like
SOLVED Posted: 3/26/15 at 12:03 PM by Sonic84

the solution I finally settled on combines the one fabsen83 mentioned and the one posted here: https://derflounder.wordpress.com/2013/12/29/creating-custom-guest-users-on-os-x/

it works well, however for 10.10, I'm having a keychain issue. For some reason a keychain is not being created for the new guest user which causes Safari to complain. This happens each time the guest user logs in since the account folder deletes itself on logout.

Like
SOLVED Posted: 1/7/16 at 6:02 PM by themacdweeb

We got around the keychain issue by... not creating a keychain for the account and allowing it to create itself. It's a guest account anyway it'll only get blown away anyhoo. This, of course, means that the guest account might not be able to auto-login but that's something we can live with. Code follows:

#!/bin/sh

# this script creates a guest account, ensures that it's visible at the login window and functional in all other ways. 
# ensure that you've modified the english.lproj template folder to make the account look & feel as you prefer.

# ---------------------------------------------------------
#   Set all Variables
# ---------------------------------------------------------

#----- Standards
SCRIPTNAME=$0
Result=$?

#----- Verbose error checking during execution
set -u

#----- Guest Account Variables
user=guest
GuestID="600"

#--- Set Logging
Log="/Library/Logs/YourCompany/"
if [ ! -d "${Log}" ];
then
    mkdir $Log
    chown root:wheel $Log
    chmod 777 $Log
fi
exec >> "${Log}"/com.YourCompany.CreateGuestAccount.log 2>&1

#----------------------------------------------------------
#  Timestamp
#----------------------------------------------------------
echo "                                   "
echo "###################################"
echo "##### `date "+%A %m/%d/%Y %H:%M"`"
echo "###################################"
echo "                                   "

#----------------------------------------------------------
#  Script
#----------------------------------------------------------

# create guest account core attributes
dscl . -create /Users/$user
dscl . -create /Users/$user realname "${user}"
dscl . -create /Users/$user RecordName "${user}"
dscl . -create /Users/$user NFSHomeDirectory /Users/$user
dscl . -passwd /Users/$user ''
sleep 2
dscl . -create /Users/$user AuthenticationHint ''
dscl . -create /Users/$user UniqueID "${GuestID}"
dscl . -create /Users/$user PrimaryGroupID "${GuestID}"
dscl . -create /Users/$user shell /bin/bash
dscl . -create /Users/$user dsAttrTypeNative:_defaultLanguage en
dscl . -create /Users/$user dsAttrTypeNative:_guest true
dscl . -create /Users/$user dsAttrTypeNative:_writers_defaultLanguage "${user}"
dscl . -create /Users/$user dsAttrTypeNative:_writers_LinkedIdentity "${user}"
dscl . -create /Users/$user dsAttrTypeNative:_writers_UserCertificate "${user}"
echo "$user account has been created with the UID of $GuestID."

# Enable guest account to show @ login window
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool true
echo "$user account is now visible at login window."

# Enable guest account functionality
defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool true
defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool true
echo "$user account is now functional with core OS."

echo ""
echo "$user account setup is now complete."

exit 0
Like
SOLVED Posted: 8/10/16 at 11:41 PM by csokolov

There's a nifty solution to this that I found at the following blog: http://osxadmin.blogspot.com/2016/06/creating-custom-guest-users-on-os-x.html

You must create a password (any password) for the Guest account at the dscl . -psswd spot and then make the keychain accessible by all processes (-A) and account for password (-w)

The following would be the complete script, copied from fulm's post:

#!/bin/bash
#Create Guest Account in the DS Local Node
dscl . -create /Users/Guest
dscl . -create /Users/Guest dsAttrTypeNative:_defaultLanguage en
dscl . -create /Users/Guest dsAttrTypeNative:_guest true
dscl . -create /Users/Guest dsAttrTypeNative:_writers_defaultLanguage Guest
dscl . -create /Users/Guest dsAttrTypeNative:_writers_LinkedIdentity Guest
dscl . -create /Users/Guest dsAttrTypeNative:_writers_UserCertificate Guest
dscl . -create /Users/Guest AuthenticationHint ''
dscl . -create /Users/Guest NFSHomeDirectory /Users/Guest
dscl . -passwd /Users/Guest 'Guest'
dscl . -create /Users/Guest Picture "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/UserIcon.icns"
dscl . -create /Users/Guest PrimaryGroupID 201
dscl . -create /Users/Guest RealName "Guest User"
dscl . -create /Users/Guest RecordName Guest
dscl . -create /Users/Guest UniqueID 201
dscl . -create /Users/Guest UserShell /bin/bash

#Create Keychain item  for Guest
security add-generic-password -a Guest -s com.apple.loginwindow.guest-account -A -w "Guest" -D "application password" /Library/Keychains/System.keychain

#Enable Guest Account
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool TRUE

Just make sure the two passwords match, and I think you need to make sure the password conforms with any PW requirements imposed.

Like
SOLVED Posted: 12/7/16 at 4:40 PM by b.adams

So I've tried the scripts here listed in this post, but I'm having an issue where the keychain is still popping up everytime we log into the guest account.

Here is the script we're currently using, are there any modification we can do to get the script to work without prompting the keychain issue everytime the guest account logs in?

#!/bin/sh

# this script creates a guest account, ensures that it's visible at the login window and functional in all other ways. 
# ensure that you've modified the english.lproj template folder to make the account look & feel as you prefer.

# ---------------------------------------------------------
#   Set all Variables
# ---------------------------------------------------------

#----- Standards
SCRIPTNAME=$0
Result=$?

#----- Verbose error checking during execution
set -u

#----- Guest Account Variables
user=guest
GuestID="600"

#--- Set Logging
Log="/Library/Logs/YourCompany/"
if [ ! -d "${Log}" ];
then
    mkdir $Log
    chown root:wheel $Log
    chmod 777 $Log
fi
exec >> "${Log}"/com.YourCompany.CreateGuestAccount.log 2>&1

#----------------------------------------------------------
#  Timestamp
#----------------------------------------------------------
echo "                                   "
echo "###################################"
echo "##### `date "+%A %m/%d/%Y %H:%M"`"
echo "###################################"
echo "                                   "

#----------------------------------------------------------
#  Script
#----------------------------------------------------------

# create guest account core attributes
dscl . -create /Users/$user
dscl . -create /Users/$user realname "${user}"
dscl . -create /Users/$user RecordName "${user}"
dscl . -create /Users/$user NFSHomeDirectory /Users/$user
dscl . -passwd /Users/$user ''
sleep 2
dscl . -create /Users/$user AuthenticationHint ''
dscl . -create /Users/$user UniqueID "${GuestID}"
dscl . -create /Users/$user PrimaryGroupID "${GuestID}"
dscl . -create /Users/$user shell /bin/bash
dscl . -create /Users/$user dsAttrTypeNative:_defaultLanguage en
dscl . -create /Users/$user dsAttrTypeNative:_guest true
dscl . -create /Users/$user dsAttrTypeNative:_writers_defaultLanguage "${user}"
dscl . -create /Users/$user dsAttrTypeNative:_writers_LinkedIdentity "${user}"
dscl . -create /Users/$user dsAttrTypeNative:_writers_UserCertificate "${user}"
echo "$user account has been created with the UID of $GuestID."

# Enable guest account to show @ login window
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool true
echo "$user account is now visible at login window."

# Enable guest account functionality
defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool true
defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool true
echo "$user account is now functional with core OS."

echo ""
echo "$user account setup is now complete."

exit 0
Like