How to add admin account via DEP configuration profiles on macOS devices
An administrator account has complete access to everything on the Mac, including installing software updates, installing/uninstalling applications, accessing and deleting system files, and performing other administrative tasks. An admin user in a macOS device can add and manage other users and change system settings. Hexnode lets your organization add an admin account for macOS devices enrolled via Apple Business Manager.
Add administrator user account on macOS devices
The macOS device enrolled via Apple Business Manager can be viewed in the DEP Devices list. We can add admin users by configuring DEP Configuration Profiles.
- On your Hexnode portal, go to Enroll > Platform-Specific and under macOS, click on Apple Business/School Manager.
- Under DEP Devices, you can see the enrolled macOS devices. Click on DEP Configuration Profiles to configure DEP policies.
- Click on Configure DEP Profile to create a new DEP policy. You can also edit the existing DEP profiles by clicking on them. Give a suitable name for the DEP Policy.
- Check the Configure user accounts option.
- Click on Save to save the policy.
- Associate the DEP Policy with the macOS device to add the admin user.
You will have the following options to configure.
|Setup new account as||Administrator|
|Full name||Enter the name of the administrator. You can use wildcards in this field.|
|Account name||You can use either “Full name” or “Account name” to log in to your Mac. The ‘Account name’ will be used as the name for your home folder. Enter the name of the Administrator. It supports the use of wildcards.|
|Password||Enter a password for the user account. It also supports the use of wildcards. However, the wildcards would be hidden under an asterisk. Click on the eye icon to view.|
|Hide account from Login Window and Users & Groups||If enabled, the account will be hidden from System Preferences > Users & Groups on your Mac device. Enabling this option will also hide the account name and only display the password prompt on the login window.|
What happens at the device end?
After this policy is associated, your managed devices will automatically have the admin account configured on the system. The policy gets applied when the device connects to the internet during the Setup Assistant steps.
The admin account will be shown or hidden on the Login window depending on your settings. If the account is hidden from the Login window, you can sign-in to the admin account from the Login window by click on any user account and pressing the option + return key combination. Then, on the same screen, you can type in the admin account name or full name followed by the corresponding password to login to the admin account.