User profile for user: Community User
Community User Author

Unable to login after creating admin user using bash script

the below script creates admin user and also changes the primary admin to standard as intended but when i try to login using admin user, (1)it gets stuck at the login windows after appending password. No File Vault enabled. (2) I am expecting the below script to enable secureTokenOn but when i checked from the Terminal it shows that it has not been enabled except the primary user.


please note: I am running this script remotely via Intune MDM.


#!/bin/bash



maxUID=$(sudo dscl . list /Users UniqueID | awk '$2>m{m=$2}END{print m}')

nextUID=$(($maxUID+1))


sudo dscl . create /Users/admin


sudo dscl . create /Users/admin UserShell /bin/bash


sudo dscl . create /Users/admin RealName "admin"


sudo dscl . create /Users/admin UniqueID $nextUID


sudo dscl . create /Users/admin PrimaryGroupID 1000


sudo dscl . create /Users/admin NFSHomeDirectory /Local/Users/admin


sudo dscl . passwd /Users/admin password


sudo dscl . append /Groups/admin GroupMembership admin


sudo cp -R /System/Library/User\ Template/English.lproj /Users/voloadm


sudo chown -R voloadm:staff /Users/admin


Out=$(sudo dscl . list /Users | egrep -v "^_" | egrep -w "admin")


sudo sysadminctl -secureTokenOn $Out -password pass


Output=$(sudo dscl . list /Users | egrep -v "^_" | egrep -vw "daemon|root|nobody|admin")


# loop on every user to change the account type to standard


for user in $Output ; do sudo dseditgroup -o edit -d $user admin ;done


it would be great if someone shed light on it.


Endgoal: enable secureTokenOn before file vault encryption & the admin user should be able to login.


Moreinfo, from intune I am not able to use sysadminctl but dscl works perfectly, therefore I am expecting the same if in case someone wants to correct it. it is going to be NON-Interactive.


MacBook Pro 13″, macOS 10.15

Posted on Oct 6, 2020 6:15 AM

Reply
2 replies
User profile for user: HWTech
HWTech
Community+ 2026
User level: Level 9
73,116 points

Oct 8, 2020 11:25 PM in response to Community User

I don't know anything about what you are doing here, but I have encountered a few issues logging into user accounts on our organization's Macs from time to time. I have found a bug where one of the user accounts will "disappear" from the login screen. The only way I discovered to "fix" the issue is by creating another user account. I'm assuming a user account with a higher UID allows the older "missing" user account to reappear on the login screen. I've never had time to really investigate the issue further. Try adding another user account before trying to log into the account you really want to log into.


Another issue with logging into macOS normally is when a user account is hidden from view. Sometimes rebooting will allow me to log into the hidden user account. It seems booting into Safe Mode doesn't have this issue (so far anyway). Perhaps the two issues/bugs are related. The hidden user account was created by our MDM, but since I just installed macOS manually our MDM only pulled in a partial configuration on first boot. Again I haven't investigate further since it is a somewhat rare occurrence and I've been too busy to follow through. You may want to make sure that the user account is not hidden (at least for testing purposes). For example (this is just from memory and there may be a better way to change the setting if "IsHidden" already exists):

sudo  dscl  .  create  /Users/hwtech   IsHidden  0



Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Unable to login after creating admin user using bash script

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up