script didn't work in 10.5.1

There seems to be an issue at dscl -list. Running the command in the terminal on its own yields no response. You should also allow for a UID to be specified along with a new name and password (and check for duplicates) so you don't have to change the script for every new user you make.

Great shell script idea - very helpful.

Yay! My first hint! Anyway, I modified the script to use a full path through the directory rather than relying on relative paths. Things should work better now. Also, you can now supply a GID and a UID on the command line. It would look like: mkadmin jimnieken password 510 511. I was thinking I should do more error checking to make sure the supplied GID and UIDs are not already in use. For that matter, the script still also places the user in the administrative group. I should fix that.

Please let me know if there are any other problems.

The user directory still show's up in the /Users/ directory right? Would there be a way te get arround that?

This is not a good idea at all. W/O a home directory the behavior of some programs can become un-predictiable. Remember OS X is UNIX now, and there are certain things that you have to deal with.

If this were a normal user account, I would agree with you. But for most (if not all) administrative functions, a home directory does not seem to be necessary. You may get an error here and there, but everything from ARD to Disk Utility, System Preferences and Terminal all work as usual. You can download files, install software, delete and add accounts, change system settings, et cetera.

About the only thing you don't get is permanence between logins, because there is no ~/Library to save settings to. For my purposes, this doesn't really bother me. Plus, it keeps overhead for the hidden account to a bare minimum.

I agree. I tried this with a 10.4.11 iMac and while it created the user fine and hides it from the login window, it does leave problems... it doesn't provide a home directory setup, trying to get into System Preferences > Accounts results in a blank panel, and running a few commands/apps result in slow performance since there isn't a /Users/$USER/Library folder to write to. I was initially very excited, but this needs a user home in order to be a complete solution.

I don't understand why it is considered a problem for admin accounts to be visible to other users. Just make sure it is protected by a good strong password.

Maybe just because it looks ugly?

And just to get rid of the 'big brother' impression you users get when they always see that there is an 'admin user' on THEIR machine?

You are right. There is no technical reason to hide the admin user.
But sometimes there are reasons beyond the technical horizon which may also be of some importance.

is it then better to be "big brother" without users knowing it? ;)

I would hope that it's a given that we're all choosing relatively strong passwords for our admin accounts. An added benefit to having a hidden admin account is that in addition to not knowing what the admin password is, the user (for those who wish to try hacking past their allowed privileges) doesn't know what the admin user-name is -- assuming that you choose an admin user-ID that's NOT "admin" or "administrator". For me, it's not about "Big Brother" ethics but rather having a way to make it easier for me to maintain a large number of Macs---for staff-members worried about "Big Brother", I don't have time or the interest in watching what people are or aren't doing on their computers; my interest is in providing a computer with a solid, tested image that contains the apps my staff needs to perform their job duties--and if that takes a few minutes to set up a hidden admin account to minimize problems, so be it.

I think it's an unfortunate necessity that we need to create hidden user accounts... this is either a reflection of my staff or society in general. I work in a school department where I am one person in a two-person IT team, managing almost 600 Macs. We prefer to deploy a standard image that's been tested w/all the apps they need to perform their duties--and we don't have time to troubleshoot problems when someone has added an app without permission. My predecessor used to give out the admin login and password to anyone who asked for it, much to the dismay of my supervisor and me (it's taken me a year to pick up the mess created). I would much rather have to connect via ARD and spend five minutes installing a special app a staff-member needs than to give them an admin account AND THEN have to fix the mess.

[ Reply to This | # ]

Where does this account reside when it's created using these commands? If I want to delete the account, I need to know where it's located.

Help, anybody?

/bin/launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist &

I did a fresh install and skipped the initial setup by creating the .AppleSetupDone file in /var/db, then created my own hidden admin and went from there. Stealthy.

[ Reply to This | # ]

makeUser ()
{
	/bin/echo "creating admin user account…"
	/usr/bin/dscl localhost create $PATH/Users/$USERNAME
	/usr/bin/dscl localhost create $PATH/Users/$USERNAME PrimaryGroupID 0
	/usr/bin/dscl localhost create $PATH/Users/$USERNAME UniqueID 444
	/usr/bin/dscl localhost create $PATH/Users/$USERNAME UserShell /bin/bash
	/usr/bin/dscl localhost passwd $PATH/Users/$USERNAME $PASSWORD
	/usr/bin/dscl localhost append $PATH/Groups/admin GroupMembership $USERNAME
	/usr/bin/dscl localhost create $PATH/Users/$USERNAME NFSHomeDirectory /var/home/$USERNAME
	/bin/echo "creating new admin account homedir…"
	/bin/mkdir -p /var/home/$USERNAME
	/usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/$USERNAME/
	/usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
	/bin/echo "confirming what we just did…"
	/bin/ls /var/home/$USERNAME/
	/usr/bin/id $USERNAME
	/bin/echo "if that looks good, we're all set."
}

can someone please tell me how to reverse everything in this hint , it is causing serios problems with my computer. please, and btw the user account is still visable at login but my original account woulnt let me enable fast user switching now and now the colour of my original user account screen is messed up, he only account that somewhat works is the one i created with this one...i dont know if it matters but i downloaded the file but it didnt do anything (that i know of)

First repeat this mantra, "Big guns make big holes."
The command line has the power to really stuff things up.
That said, Let's fight fire with fire. Get another dreaded terminal window.

To get rid of the "HiddenUsersList" paste this into the terminal
sudo defaults -currentHost delete /Library/Preferences/com.apple.loginwindow \HiddenUsersList

Set this true or false depending whether you want the "Other" entry in the login window.
sudo defaults -currentHost write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool false

The rest you should be able to delete in "Accounts" or using "Workgroup Manager" (from Apple.

Hope it helped, Treleven

PS: I didn't try the script, but the commands all worked exactly as described for me on Macos 10.5.2

how do i undo everything that this hint says and delete the user account. i followed this and the user account is not in the accounts tab under preferences and now i cant enable fast user switching and the color scheme is messed up on all my accounts except the new one i created... which i can only acces through the login window

someone please help.
also also i downloaded the script thing and it did nothing (that i know of)
i have 10.4.11 and even if you can tell me how to back-up and restore everything that would be appriciated......please

What caused the login window to hide UID 1000?

Can this be used to reliably create a hidden account?

Is running the chown all I need to do after changing UID?

BTW What's the keystroke combination to get the "Other" password window when it isn't displayed in the login window's list?

[ Reply to This | # ]

I have the same problem, I changed my UID to 1000 to access our SuSE Linux NFS Server.
But now my User is hidden in the login panel a I have to use "others".
Is there a way to unhide the user? I sought only users under 500 are hidden ?

Thanks for any tip

Kerm

I have the same problem.
I had to change my uid to 1000 to access our NFS server (openSuSE 11.2)
But no my login is hidden. I have to use now "Other".
Is there a way to unhide it?

Tanks for any tip

--Kerm

Made the account of creating the account under UID 0. As 0 is root, is there any way for me to revert back to the original settings? I can now log into the root account with the credentials I created with the OP's steps.
Thanks ahead.

Did anyone ever find a way to unhide user with UID 1000? This is driving me crazy that I have to type my name on the login screen every single time.