Manage Users and Passwords on Mac devices
  • 27 Sep 2023

The following shell script helps IT admins create user accounts on Mac devices with specified parameters.

  1. Create a file on your desktop, for example, CreateUseronMac.sh, and open it in a text editor such as Notepad++.
  2. Copy the contents below to the file or click here to download the file.
    Shell
    #!/bin/bash

    # Add the user name
    username="XXXXXXX"
    # Add the display name of the User
    displayName="XXXXXXXXXXXXX"
    # Set the password for the user
    # Note: the password is stored in plain text in this file and is passed to
    # dscl as a command-line argument, so it is visible in the process list
    # while the script runs.
    password="XXXXXX"
    # If admin account is needed then set "yes" else "no"
    admin="XX"
    # If hidden account is needed then set "yes" else "no"
    hidden="XX"
    # Set the password hint if required. Else set empty string ""
    passwordhint="XX"
    # Set the account image if required. Else set empty string ""
    accountimage="XX"

    ##### DO NOT EDIT BELOW CODE #####

    # Exit if the account already exists
    if id "$username" &>/dev/null; then
        echo "$username already exists. Exiting script"
        exit 1
    fi

    # Determine the next available UID (highest existing UID + 1)
    highestUID=$( dscl . -list /Users UniqueID | /usr/bin/awk '$2>m {m=$2} END { print m }' )
    nextUID=$(( ${highestUID//[ $'\001'-$'\037']}+1 ))

    # Log the parameters; the password is deliberately kept out of the script output
    echo "Creating user with username: $username, displayName: $displayName"
    echo "isAdminAccount: $admin, isHidden: $hidden, passwordHint: $passwordhint, accountimage: $accountimage"

    # Create the account record and set its basic attributes
    dscl . -create "/Users/$username"
    dscl . -create "/Users/$username" RealName "$displayName"
    dscl . -passwd "/Users/$username" "$password"
    dscl . -create "/Users/$username" UniqueID "$nextUID"
    dscl . -create "/Users/$username" UserShell /bin/bash

    # Make the account admin, if specified
    if [[ "$admin" = "yes" ]]; then
        dscl . -create "/Users/$username" PrimaryGroupID 80
        dscl . -append /Groups/admin GroupMembership "$username"
    else
        dscl . -create "/Users/$username" PrimaryGroupID 20
    fi

    # Hide the account, if specified. The home directory is created at the
    # same path that is registered as NFSHomeDirectory.
    if [[ "$hidden" = "yes" ]]; then
        homeDir="/private/var/$username"
        dscl . -create "/Users/$username" IsHidden 1
        dscl . -create "/Users/$username" NFSHomeDirectory "$homeDir"
        cp -R /System/Library/User\ Template/English.lproj "$homeDir"
        chown -R "$username:admin" "$homeDir"
    else
        homeDir="/Users/$username"
        dscl . -create "/Users/$username" NFSHomeDirectory "$homeDir"
        cp -R /System/Library/User\ Template/English.lproj "$homeDir"
        chown -R "$username:staff" "$homeDir"
    fi

    # Set the password hint, if one was given
    if [ -n "$passwordhint" ]; then
        dscl . -create "/Users/$username" hint "$passwordhint"
    fi

    # Set the account image, if one was given
    if [ -n "$accountimage" ]; then
        dscl . -create "/Users/$username" picture "$accountimage"
    fi

    echo "Successfully created the account"
  3. Replace the following data in the above script according to your requirements:
    1. username: replace it with the name of the user account that you want to create.
    2. displayName: replace it with the display name of the user.
    3. password: enter the password that you want to set for the user.
    4. admin: set it to yes if you want to add an admin account on the device; otherwise set it to no.
    5. hidden: set it to yes if you want to add a hidden account on the device; otherwise set it to no.
    6. passwordhint: enter a password hint or keep it blank.
    7. accountimage: add an image for the account or keep it blank.

      For example:

      #!/bin/bash
      
      # Add the user name
      username="Scalefusion"
      # Add the display name of the User   
      displayName="Scalefusion Standard User"
      # Set the password for the user
      password="123456"
      # If admin account is needed then set "yes" else "no"
      admin="no"
      # If hidden account is needed then set "yes" else "no"
      hidden="no"
      # Set the password hint if required. Else set empty string ""
      passwordhint=""
      # Set the account image if required. Else set empty string ""
      accountimage=""
  4. Follow our guide to upload & publish the Shell script using Scalefusion Dashboard.
Please note that to use the Shell scripts, the Scalefusion MDM Client Application must be installed on the device(s). Please follow our guide to publish and install the Scalefusion MDM Agent Application.
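
The following is an added example, not part of the Scalefusion script: pre-flight checks that can run before the `dscl` calls so that an unedited placeholder or a username containing path characters stops the script early. The function names, the allowed username character set and the 12-character minimum password length are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the account-creation parameters.
# Function names, the allowed character set and MIN_PASSWORD_LEN are
# assumptions of this example, not part of the original script.
MIN_PASSWORD_LEN=12

# validate_params USERNAME PASSWORD ADMIN HIDDEN
# Prints the first problem found and returns 1; returns 0 if all checks pass.
validate_params() {
    v_user=$1; v_pass=$2; v_admin=$3; v_hidden=$4

    # The username ends up in "/Users/$username" for dscl, cp -R and chown -R,
    # so allow only a plain short name with no path or option characters.
    case $v_user in
        ''|-*|.*) echo "username is empty or starts with '-' or '.'"; return 1 ;;
        *[!A-Za-z0-9_.-]*) echo "username has characters outside A-Z a-z 0-9 _ . -"; return 1 ;;
    esac

    # The script treats anything other than "yes" as "no"; reject leftovers like "XX".
    for v_flag in "$v_admin" "$v_hidden"; do
        case $v_flag in
            yes|no) ;;
            *) echo "admin and hidden must be yes or no, got '$v_flag'"; return 1 ;;
        esac
    done

    # Reject the unedited placeholder and passwords below the minimum length.
    if [ "$v_pass" = "XXXXXX" ] || [ "${#v_pass}" -lt "$MIN_PASSWORD_LEN" ]; then
        echo "password is the placeholder or shorter than $MIN_PASSWORD_LEN characters"
        return 1
    fi
    return 0
}

# next_uid reads "name uid" lines (the layout of `dscl . -list /Users UniqueID`)
# on stdin and prints highest numeric UID + 1, never below 501, the first UID
# macOS gives a regular user. Negative UIDs such as nobody (-2) are ignored.
next_uid() {
    awk '$2 ~ /^[0-9]+$/ && $2 + 0 > m { m = $2 + 0 }
         END { print (m < 500 ? 501 : m + 1) }'
}
```

In the script, `validate_params "$username" "$password" "$admin" "$hidden" || exit 1` would go directly below the "DO NOT EDIT" marker, and `nextUID=$(dscl . -list /Users UniqueID | next_uid)` can stand in for the UID calculation.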

Notes:

1. The scripts and their contents are sourced from various, albeit authenticated, Apple Developer communities and forums.

2. Please validate the scripts on a test machine before deploying them on all your managed devices.

3. Scalefusion has tested these scripts; however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these scripts.


