[Feature Request]: Add the option to add more than one account to a workflow

Issue #163 closed
Kamal Taynaz created an issue

Hi Folks,

It would be very useful if we could add more than just the one account, especially if we can set it to prompt the admin when the workflow is run, same as what is currently being done with the set computer feature.

Use case: I want to set a standard admin account for support, which we can currently do, but I would also like the service desk person deploying the Mac to be prompted to create a local account for the user he/she will be deploying the Mac to.

Thanks, Kamal

Comments (8)

  1. timothy perfitt


  2. Kamal Taynaz reporter

    Hi Tim,

    This is great, can the user2 form be populated with mds_var# so that the techie can be prompted to fill in the user information when the workflow kicks off? That would be super useful.

    Thanks,

    Kamal

  3. timothy perfitt

    Interesting. So you could add in {{mds_var1}} in one of the user fields and when the workflow is run, it uses that value when creating the user? Is that right?

  4. Kamal Taynaz reporter

    Yes. That’s it. So we, like many others, do not bind to AD, so we must create local accounts. Since using MDS, that has become easier. I now label mds_var1 as username and mds_var2 for full name. Then I add a shell script that calls the pycreateuserpkg, which then creates the account and then enables secureToken on the account through the admin account.

    But if you can make the user1 user2 forms honor both text entry and mds environment variables, that would be fantastic. In fact if instead of tabs for user1 user2, maybe have an ADD button and we can in theory create as many accounts as we like.

    best regards,

    Kamal

  5. AMacadminguy

    @greatkemo, any chance you are willing to share your script? Having beaten my head against the wall during the “SecureToken revolution” I would love to have something tried and true to start with.

    @tperfitt, what version does this feature appear in? Also, perhaps something related to this could be included in “Sample Scripts and Resources”? Just an idea.

    thanks guys!

  6. Kamal Taynaz reporter

    @amacadminguy Sure, would love to share… However, it is more a workflow than just a script, the script is a small portion of it.

    1. Create an MDS workflow with an admin user and set the options to skip the setup assistant.
    2. Add environment variables to your workflow e.g. mds_var1=UserName mds_var2=FullName
    3. Download this repo https://github.com/gregneagle/pycreateuserpkg and package it to be copied to e.g. /usr/local/pycreateuserpkg on your MDS workflow.
    4. Include the following script in the workflow to run after OS install:

    #!/bin/bash

    # variables
    # mds_var1 (user name) and mds_var2 (full name) are the workflow's environment variables
    create_cmd="/usr/local/pycreateuserpkg/createuserpkg"
    # strip any double quotes from the entered values
    company_id=$(echo "${mds_var1}" | tr -d '"')
    full_name=$(echo "${mds_var2}" | tr -d '"')
    home_dir="/Users/${company_id}"
    # random UID between 601 and 699
    user_uuid=$(jot -r 1 601 699)
    pkg_id="com.example.createuser"
    pkg_out="/tmp/${pkg_id}_${company_id}.pkg"
    passwd_hint="The temp password is company_id@example.com please change"

    # create user package
    "${create_cmd}" --name="${company_id}" --uid="${user_uuid}" --password="${company_id}@example.com" --fullname="${full_name}" --home="${home_dir}" --admin --version="1.0" --identifier="${pkg_id}" "${pkg_out}"

    # install user package, then remove the package file
    installer -allowUntrusted -pkg "${pkg_out}" -target LocalSystem
    rm "${pkg_out}"

    # enable secureToken on the new account through the admin account
    # ("admin-user" and "admin-password" are placeholders)
    sysadminctl -adminUser "admin-user" -adminPassword "admin-password" -secureTokenOn "${company_id}" -password "${company_id}@example.com"

    # /Users/<name> is also the user's record path in the local directory,
    # so ${home_dir} is reused as the dscl path: set the hint and the picture
    dscl . -merge "${home_dir}" hint "${passwd_hint}"
    dscl . -delete "${home_dir}" jpegphoto
    dscl . -delete "${home_dir}" Picture
    dscl . -create "${home_dir}" Picture "/Library/User Pictures/Animals/Owl.tif"

    exit 0

    Hope this helps solve your issue.

    Kamal
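
The script above puts the operator-typed `mds_var1` straight into the home directory and package paths and picks the UID at random, so a stray character or a UID that is already taken goes unnoticed. The following is an added example, not part of the posted script or of MDS: two checks that could run before the package is built. The function names and the short-name policy are assumptions.

```sh
#!/bin/sh
# Added example: checks for the operator-entered values (mds_var1) before
# they reach createuserpkg. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII lowercase only

# Assumed policy: short name starts with a lowercase letter, then lowercase
# letters, digits, '_', '.' or '-', at most 31 characters in total.
valid_short_name() {
    case "$1" in
        '' | [!a-z]* | *[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Print the lowest UID in [$1, $2] that is not in the newline-separated
# list of in-use UIDs read from stdin; return 1 if the range is exhausted.
# On macOS that list can come from:
#   dscl . -list /Users UniqueID | awk '{print $2}'
next_free_uid() {
    nfu_used=$(cat)
    nfu_uid=$1
    while [ "$nfu_uid" -le "$2" ]; do
        if ! printf '%s\n' "$nfu_used" | grep -qx -- "$nfu_uid"; then
            printf '%s\n' "$nfu_uid"
            return 0
        fi
        nfu_uid=$((nfu_uid + 1))
    done
    return 1
}

# Constructed sample values, not taken from a real machine.
for candidate in 'jsmith' 'j.smith-2' '../../tmp/x' 'j smith' ''; do
    if valid_short_name "$candidate"; then
        echo "accept: '$candidate'"
    else
        echo "reject: '$candidate'"
    fi
done
printf '501\n601\n602\n' | next_free_uid 601 699
```

In the workflow script, a failed `valid_short_name` check would stop the run before `home_dir` and `pkg_out` are built, and `next_free_uid` would replace the `jot` call.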
