
Delete users script that doesn't delete users from a set list

1387 Views 6 Replies Latest reply: Apr 19, 2012 6:18 AM by jtechy83
psnow85 Level 1 Level 1 (0 points)
Sep 20, 2011 3:01 PM

Hi Guys,

I've been working on a problem this week and wanted to know if anyone on here has an answer?

The problem I have is that I want to create a script that deletes both the profile and home directory (/Users/) of users that are not named in a .txt (or suitable format) file.

E.g. if in "Safe_Users.txt" I have the following list (this list of names would be the same for several machines) -

userA
userB
userC
userD

I would like a script to delete the profiles/home directories of users that are not on that list, e.g.

userE
userF
userG
.
.
.

would be deleted.

My aim is to push this script out with ARD. I can delete profiles of users using "dscl . -delete /Users/nameOfUser" but have to do that manually. I have 2 labs with about 40 machines. Users log on with their account hence the reason why I want users deleted that are not on a list.

Any help guys?

Regards,

Peter

iMac, Mac OS X (10.6.7)
  • ipanacea Level 1 Level 1 (0 points)

    I'm trying to do the same thing, however instead of having a list of specific users to keep, I'm focusing on the script just keeping the ADMIN accounts (which happens to be a local user), and deleting all the rest of the accounts in the /Users folder.

    Have you had any luck with this yet?

  • twtwtw Level 5 Level 5 (4,580 points)

    the basic applescript would be something like, which you should be able to modify to use through ARD:

    -- parse list of short user names of current accounts
    set currentUserList to paragraphs of (do shell script "dscl . -list /Users")
    -- parse list of allowed accounts; file should be a return delimited list of short user names
    set allowedUserList to paragraphs of (read POSIX file "/path/to/textfile.txt")

    repeat with thisUser in currentUserList
              -- thisUser is a reference to a list item; work with its contents
              set shortName to contents of thisUser
              -- skip empty names: "/Users/" with nothing appended is the whole Users folder
              if shortName is not "" and shortName is not in allowedUserList then
                        -- quoted form keeps the name from being interpreted by the shell
                        do shell script "dscl . -delete /Users/" & quoted form of shortName
                        do shell script "rm -rf /Users/" & quoted form of shortName
              end if
    end repeat

    be very careful: "dscl . -list /Users" will include a ton of hidden system accounts that you should not delete if you want your computer to continue working - you'll either have to find a better way of generating the list or do something to make sure those accounts (and any future accounts apple might add) are preserved.

    to do this retaining only admin accounts, you'll need to find a way to get the system to tell you which accounts are admins.  I'm not sure how to do that, but I'm looking into it; dscl and account administration isn't really in my strong suit.
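
Added example, not part of any poster's reply: one way to build the deletion list so that the hidden system accounts and admin group members mentioned above are never selected. It is a dry run that only prints candidates. The UID threshold of 501, the name rules and the script file name are assumptions made for this example; `Safe_Users.txt` is the allow-list from the original question.

```bash
#!/bin/bash
# Added example: dry-run selection of local accounts eligible for removal.
# Assumption: regular accounts have UID >= 501; lower UIDs and names
# starting with "_" are system/service accounts and are never selected.
MIN_UID=501

# select_removable ALLOW_FILE "ADMIN1 ADMIN2 ..."
#   stdin : "shortname uid" lines, as printed by `dscl . -list /Users UniqueID`
#   stdout: short names that are not system, admin or allow-listed accounts
select_removable() {
    allow_file=$1
    admins=" $2 "
    # Fail closed: a missing or empty allow-list must not select everyone.
    [ -s "$allow_file" ] || { echo "allow-list missing or empty" >&2; return 1; }
    while read -r name uid; do
        # Accept only plain short names; rejects "", "_www", "a/b", "..".
        case $name in
            ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) continue ;;
        esac
        # UID must be a non-negative integer (rejects "-2" and extra fields).
        case $uid in
            ''|*[!0-9]*) continue ;;
        esac
        [ "$uid" -ge "$MIN_UID" ] || continue            # system account
        case $admins in *" $name "*) continue ;; esac    # admin group member
        # Exact whole-line match against the allow-list; tolerate CRLF files.
        if tr -d '\r' < "$allow_file" | grep -qxF -- "$name"; then continue; fi
        printf '%s\n' "$name"
    done
}

# Live dry run on macOS only: prints candidates, deletes nothing.
# Usage (hypothetical file name): ./select_removable.sh Safe_Users.txt
if command -v dscl >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    members=$(dscl . -read /Groups/admin GroupMembership | sed 's/^GroupMembership: *//')
    dscl . -list /Users UniqueID | select_removable "$1" "$members" |
        while read -r u; do echo "would remove: $u (/Users/$u)"; done
fi
```

Review the printed list on one lab machine before wiring any delete step to it.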

  • ipanacea Level 1 Level 1 (0 points)

    Actually, I got this to work as a LogoutHook.

    #!/bin/bash
    # Logout script to remove nonadmin accounts from Users folder

    # Never continue with an empty user name: "/Users/$USER" would then be /Users/ itself
    if [ -z "$USER" ]; then
        echo "LOGOUT: no user name set, nothing deleted."
        exit 1
    fi

    # If user is an admin, exit script
    if [ "$USER" = "usernametosave" ]; then
        # the next 2 lines could be substituted for the previous line
        # dscl . -read /Groups/admin GroupMembership | grep -q "$USER"
        # if [ $? -eq 0 ]; then
        echo "LOGOUT: admin folders will not be deleted."
        exit 1
    fi

    # If home directory exists, delete
    if [ -d "/Users/$USER" ]; then
        echo "LOGOUT: user account cleanup."
        rm -R "/Users/$USER"
        dscl . -delete "/Users/$USER"
    fi
    exit 0

    And then you make the script executable and write to the com.apple.loginwindow file. Then each time someone logs out it runs the script.

  • twtwtw Level 5 Level 5 (4,580 points)

    beats me why you don't just use Guest accounts.  Easy to configure, and saves the trouble of running a script.

  • ipanacea Level 1 Level 1 (0 points)

    I agree, Guest accounts make it much easier, however not all environments often like to use the easy route.

  • jtechy83 Level 1 Level 1 (0 points)

    I shoved the script above into apple script editor and it came up with all kinds of syntax errors. What exactly needs to be edited or replaced in the above?
