gusgrave

Q: Remove a seemingly persistent admin account or find or how it is recreated

I have a used MBP and there is a seemingly persistent hidden administrators account that keeps reappearing on it. I have mapped out the group affiliations of this "admin" user, I have located the hidden "home" folder and I have repeatedly removed the admin account and home folder using:

 

sudo dscl . -delete /Users/adminuser

sudo rm -rf /private/var/.home

 

Though it keeps reappearing over and over again. I do realize that the simplest solution to this problem is a clean install of the OS, though I'd prefer not having to revert to a blank system and spend my vacation setting everything up again. On the very least, I'd really like to find out how this home folder and user account keeps reappearing since this seems to happen regardless of available network connection or location.

 

I did try the "single user" mode removal option, though apparently that does not seem to work on Yosemite, at least not the way it used to, this

 

launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServicesLocal.plist

 

This did not work since directory services har apparently been remover, I did not find any direct explanation on how to perform the task specifically on Yosemite so I gave that up. Since I do have both root and sudo access, I though I could just accomplish the same thing from my account, though this was apparently not the case.

 

So, is there a way to purge my system from this admin account that keeps popping up OR is there a way to logg specifically the activities of the this user in some manner that can help me identify when, why and how the user is recreated even after being removed from the system?

Posted on Mar 14, 2016 1:16 AM