User profile for user: BeHappy08
BeHappy08 Author
User level: Level 1
0 points

Freshly created Account is Admin-Account by Default.

A freshly created account under 10.7.4. is a Admin account by default. The checkbox "Allow user to administer this computer" is grayed out. I end up with an Admin account and there is no way to convert this account into a Standard account.


Facts: 10.7.4 - clean install on a current iMac i5


Freshly created account uses name of a deleted older account (my name)

Repaired permissions several times (disk utility and "resetpassword utility" via terminal and safe boot)

The older account had been relocated to a external disc for security reasons. There the access rights got corrupted so that I wanted to freshly create a new account and copy all files from a backup.


Any suggestions how to create a new account for me?


Thanks and best,


Steve

iMac, Mac OS X (10.7.4)

Posted on May 27, 2012 2:31 AM

Reply
38 replies
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,739 points

May 27, 2012 6:46 AM in response to BeHappy08

Launch the Terminal application in any of the following ways:


Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Terminal in the page that opens.


Drag or copy — do not type — the following line into the Terminal window, then press return:


dscl . -read /groups/admin GroupMembership


You should get the following output below what you entered:


GroupMembership: root admin1 admin2 ...


where admin1, admin2, ... are the names of the admin users. Do you get the results you expect?

Reply
User profile for user: BeHappy08
BeHappy08 Author
User level: Level 1
0 points

May 27, 2012 7:14 AM in response to Shootist007

Impossible. As mentioned earlier: On creation of the account it is a Administrator account and there is no way to change this: The checkbox "User is allowed to administer this computer" is always grayed out.


The original account had been fully erased, all files deleted, than permissions repaired.


Than a new account is created.


This newly created account given an username that existed before is set up as an Admin account - and this cannot be changed in the UI.


A new newly created account given a different name (that never existed on that system) however is a limited account and can be modified as wanted.


The system seems to remember these older account names.

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,739 points

May 27, 2012 1:39 PM in response to BeHappy08

Back up all data.


Enter the following shell command in the same way as before:


sudo dseditgroup -o edit -d user_to_be_demoted -t user admin


For user_to_be_demoted, substitute the short name of the user to be removed from the admin group. You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up -- that's normal. If you get an error message, post it.

Reply
User profile for user: BeHappy08
BeHappy08 Author
User level: Level 1
0 points

May 27, 2012 2:11 PM in response to Linc Davis

I am logged in as "SteveTemp" which is temporary account in order to fix things.


First I reran the dscl command from above. Same result: root Steve Admini


Than I ran this command for user Steve.


Result: "SteveTemp" is not in the sudoers file.


In addition I did some more testing: A newly created account that has a name different from the account name e. g. Steve and stevesomething is not affected by this problem. Then I deleted that again and checked other names that had been present in the system earlier - and voila - Admin only.


I could use this as a workaround now but I suspect that there is something in the background that may affect integrity of my account structure.

Reply
User profile for user: BeHappy08
BeHappy08 Author
User level: Level 1
0 points

May 29, 2012 1:06 AM in response to Linc Davis

System replied "record was not found". Spelling double checked.


Linc, thank your very much for your support, highly appreciated.


However, I did create a new account with a different name as a standard account and copied folder by folder from my backups. That seems to work. The subject seems complex and I have maintained my user account since mac os 8.5 or so. So even on mac os x there may be time to refresh an user account, where I do run complex scripts and databases like DevonThink Pro.


Again thank you and all the best.


Steve.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Freshly created Account is Admin-Account by Default.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up