̽»¨´óÉñ

How to Create a Hidden Local Admin on Macs

Written by Kyle Randolph on July 21, 2017

Blog Home > Best Practices > How to Create a Hidden Local Admin on Macs

Share This Article

For various reasons, it can be beneficial to have the ability to assist a user without them seeing your admin account when they log in. With ̽»¨´óÉñ, this can be completed easily. The following guide demonstrates this, by showing how to hide a user account on the macOS login window directly from ̽»¨´óÉñ.

To begin this process, you will want to create a new local admin account on your machine. This can be done within the ̽»¨´óÉñ Admin Console by leveraging . Once you have created your new ̽»¨´óÉñ managed account, you are now ready to hide the account from your end-user’s view. This can be achieved using ̽»¨´óÉñ’s Commands feature. For this example, we are going to write a short command that will hide the newly created ̽»¨´óÉñ admin from the login window. In addition, we will run a second command to hide the ̽»¨´óÉñ administrator’s home directory from the Finder.

Hiding a Local Admin Account

The following steps demonstrate how you can modify a ̽»¨´óÉñ Admin account on a machine to hide the account and the admin’s home directory from the user.

  1. Create a new command. This can be done by going to the Commands Tab, and selecting the ‘+’ icon in the upper right hand corner.
  2. Next, select that this command is going to be run against Macs, and that we will be running this command as ‘root’.
  3. Then, in the Command text field, you will want to enter the following:
     
    dscl . create /Users/JUMPCLOUD_ADMIN_USERNAME IsHidden 1; chflags hidden /Users/JUMPCLOUD_ADMIN_USERNAME

    (It is important to note that you will want to change JUMPCLOUD_ADMIN_USERNAME to the actual username of the ̽»¨´óÉñ Admin that was provisioned to the system.)

  4. Select the system(s) that have the administrative account present under the Systems tab in the Commands aside, and then select ‘save command’.
  5. Once you’ve verified that the user is bound to the system, and that you’ve successfully updated the command, you’re ready to run it! This can be done by selecting ‘run now’.

Once the command has successfully run against your system(s), you will now see that the Admin account is not viewable in the login window list, or in the User’s directory. However, you will still be able to sign into this account by entering in the admin’s username at the login window to access the machine.

With this complete, you can now assist your users on their machines without them being able to see your admin account.

If you have any questions, feel free to reach out to us at [email protected].

Kyle Randolph

Kyle Randolph works as a Product Manager at ̽»¨´óÉñ, the world's first Directory-as-a-Service. Kyle enjoys learning about emerging technologies and cloud computing.

Continue Learning with Related Posts

Visit the Search Page

Continue Learning with our Newsletter