Create macOS Admin user

expand collapsive

I have seen a few posts around this subject but not really seen an answer for my scenario.

I have a mix of DEP deployed Mac’s and manually enrolled ones. They all have Filevault enabled. For the DEP ones there is a policy which creates the user account. This is an Admin account for the user and uses the %username% variable. We have a default password which the user then changes once they have logged in for the first time.

Now, I want to create an Admin account which will allow us to reset local passwords, because the Local Accounts section will not allow this. If I try and create a new local account it needs the admin credentials for the machine to do this and I’m not about to do this manually for 100+ machines and ask the users for their local passwords, obviously.

So, how can it be done?


All Replies

  • Hey @Jonathon, thank you for reaching out to us!

    Have you tried the Create User Account action? If you haven’t, you can follow these simple steps to create a local admin account on macOS devices.

    Step 1: Head on to Manage > Devices and filter out the devices by platform. (The create user action works only on macOS devices.)

    Step 2: Now bulk select all your devices.

    Step 3: And hit Actions > Create User Account.

    Step 4: Fill out all the required fields. Don’t forget to choose Administrator as the Account Type!

    Step 5: Uncheck the Grant Secure Token field, and this will exempt you from requiring the admin credentials while creating a new user account.

    And if you wish to keep a low profile, simply check the Hide account from Login Window and Users & Groups field. This will keep the account hidden from plain sight. When you wish to log in using this account, choose Other at the login screen, to enter your username and password.

    Hope that solved your query.

    Best Regards,
    Audrey Black
    Hexnode UEM