At my job, users have long had admin rights. Now they’ve changed the policy and want all of them to become standard.
Rather than go to each machine individually, I’d like to have a script to do this and to be able to push it through Apple Remote Desktop if possible.
The script would have to demote the user without demoting the admin accounts. If such a script ran on all accounts above UID 501 that should be good.
Can anyone help?
Thanks.
Model: MacBook Pro 2.2 GHz i7
Browser: Firefox 25.0
Operating System: Mac OS X (10.8)
It’s been a long time since I had need to do such things, so I don’t know whether I can help all the way. For one thing, I know nothing of ARD.
But I dug up a script that will create users on a newly imaged Mac. It uses these CLI commands:
- dscl to create the user
- dseditgroup to add him to groups as needed
- createhomedir to create his home folder (doh…)
Manpage shows dseditgroup can also delete users from groups.
And found a bit of code that gets you a list of (human) users:
set input to paragraphs of (do shell script "dscl . -list /users uid | grep ' 5[0-9][2-9]'") -- find users with uid > 501
set userList to {}
repeat with userData in input
set end of userList to {word 1 of userData, (word 2 of userData) as integer}
--set contents of aUser to "/Users/" & word 1 of aUser
end repeat
userList --> {{"user", 502},{..}}