
Feb 01, '08 07:30:03AM • Contributed by: Anonymous
Much experimentation, and some lucky finds on the Internet, have turned up the configuration to hide a user account on 10.5, and in later versions of 10.4.
In early versions of Tiger, it was easy to hide an administrator account. As per this hint, adding the array HiddenUsersList to com.apple.loginwindow with the account or accounts to be hidden was enough. But, with Leopard, this is no longer sufficient. Accounts can be hidden well enough using a HiddenUsersList entry, but the login window and Fast User Switching menu will contain an entry for "Other...," advertising the fact that one or more hidden user accounts is lingering on the system. How to get around this?
First, to create the account, open Terminal and type these commands:
sudo dscl . create /Users/$USERNAME
sudo dscl . create /Users/$USERNAME PrimaryGroupID 0
sudo dscl . create /Users/$USERNAME UniqueID 0
sudo dscl . create /Users/$USERNAME UserShell /bin/bash
sudo dscl . passwd /Users/$USERNAME $PASSWORD
sudo dscl . append /Groups/admin GroupMembership $USERNAME
Replace $USERNAME and $PASSWORD with the username and password you want to use. The new account will be created as a root-level account. This may be a bad idea, depending on your implimentation. If you like, change the PrimaryGroupID and UniqueID to something else, so long as the number is below 500. The UID 42 is not in use under Leopard. The following will show which IDs are assigned to which number:
dscl . list /Users UniqueID
Now, to hide user accounts, type the following commands:
$ sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
$ sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
Type the following to disable the "Other..." listing from the Loginwindow and the Fast User Switching menu:
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
Reboot to ensure all changes took hold, login to your administrator account to make sure it works, and you're done. I wrote a small script to automate this process, which you can get here. Give it execute permissions with chmod, and run it as an administrator. It takes the first argument as the username to be created, and the second argument as the password.
[robg adds: I haven't tested this one -- either the commands or the linked script.]