Sync Local Accounts on macOS devices with Hexnode

The Sync Local Accounts action allows IT administrators to remotely audit and refresh the list of user profiles on a managed Mac, providing real-time visibility into account roles, security tokens, and login history.

Why Sync macOS Local Accounts?

Monitoring local user accounts is vital for maintaining security compliance and administrative oversight. Syncing ensures that the Hexnode UEM console accurately reflects the current state of all users on a device, including newly created, inactive, or unauthorized accounts.

  • Security Auditing: Verify which users possess a Secure Token for FileVault access.
  • Privilege Management: Identify if a user is an Administrator or a Standard user.
  • Activity Monitoring: Track the last successful login, failed attempts, and password changes.

How to Sync Local User Accounts

Administrators can initiate a full synchronization via remote actions or refresh existing data directly from the device summary.

Method 1: Using Remote Action (Primary Sync)

  1. Log in to the Hexnode UEM portal.
  2. Navigate to the Manage tab and click on the target macOS device.
  3. Click on Actions > Policies & Accounts > Sync Local Accounts.
  4. Navigate to the Local Accounts sub-tab to view the updated list.
Note: The Last Synced timestamp updates upon successful execution.

Method 2: Refreshing from the Local Accounts Sub-tab

  1. Navigate to the Manage tab and select the macOS device.
  2. Open the Local Accounts sub-tab.
  3. Click the Sync Icon (circular arrow) in the top-right corner to update existing account details.

Understanding Account Attributes

The Local Accounts sub-tab provides a high-level overview of the following user attributes:

| Attribute | Description |
|---|---|
| Account Name | The user name configured on the device. |
| Role | Specifies the privilege level: Administrator or Standard. |
| User ID | The unique numerical ID assigned by the macOS system. |
| Secure Token | Indicates if a Secure Token is granted (required for FileVault). |
| Account Type | Classified as Local, Network, Mobile, or Guest Account. |
| Status | Current state: Logged in, Logged off, or Inactive. |

Viewing Additional Account Details

For granular troubleshooting, administrators can access the Local Accounts Details page by clicking on any specific Account Name.

| Field | Technical Detail |
|---|---|
| Full Name / Aliases | The user’s complete name and shorthand login versions. |
| GUID | A unique 128-bit text string (Generated Unique ID) for the account. |
| Login Shell & Home Path | The specific shell (e.g., /bin/zsh) and home directory location. |
| Security Status | Secure Token status and whether the account is Hidden. |
| Password Metadata | Timestamp of the last password change and the configured Password Hint. |
| Login Activity | Timestamps for the last successful/failed logins and count of failed attempts. |
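
To confirm that a sync reflects the device, the Role, User ID, Secure Token and Hidden values can be read on the Mac itself and compared with the console. The script below is an added example, not Hexnode code: it uses the macOS tools `dscl`, `dseditgroup` and `sysadminctl`, and its function names and the REVIEW rule (an administrator that is hidden or has no Secure Token) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Hexnode code): print on-device values for the attributes
# shown in the Local Accounts sub-tab, for comparison with the console after a sync.

# Map `sysadminctl -secureTokenStatus` text to the console's Yes/No wording.
token_state() {
  case "$1" in
    *"is ENABLED"*)  echo "Yes" ;;
    *"is DISABLED"*) echo "No" ;;
    *)               echo "Unknown" ;;
  esac
}

# Map `dseditgroup -o checkmember` text ("yes ..." / "no ...") to a role.
role_state() {
  case "$1" in
    yes*) echo "Administrator" ;;
    *)    echo "Standard" ;;
  esac
}

# Assumed review rule: flag administrators that are hidden or lack a Secure Token.
review_flag() {  # args: role token hidden
  if [ "$1" = "Administrator" ] && { [ "$3" = "1" ] || [ "$2" != "Yes" ]; }; then
    echo "REVIEW"
  else
    echo "ok"
  fi
}

# On-device lookups (macOS only). sysadminctl writes its status line to stderr.
lookup_token()  { sysadminctl -secureTokenStatus "$1" 2>&1; }
lookup_role()   { dseditgroup -o checkmember -m "$1" admin 2>/dev/null; }
lookup_hidden() { dscl . -read "/Users/$1" IsHidden 2>/dev/null | awk '{print $2}'; }

# Reads "name uid" lines (the format of `dscl . -list /Users UniqueID`) on stdin
# and prints name|uid|role|token|hidden|flag for each regular account.
audit_rows() {
  while read -r name uid; do
    [ "$uid" -ge 501 ] 2>/dev/null || continue   # skip system/service accounts
    role=$(role_state "$(lookup_role "$name")")
    token=$(token_state "$(lookup_token "$name")")
    hidden=$(lookup_hidden "$name"); hidden=${hidden:-0}
    echo "$name|$uid|$role|$token|$hidden|$(review_flag "$role" "$token" "$hidden")"
  done
}

# Run the audit only where the macOS directory tools exist.
if command -v dscl >/dev/null 2>&1; then
  dscl . -list /Users UniqueID | audit_rows
fi
```

Run it as an administrator on the managed Mac; any row whose values differ from the Local Accounts sub-tab indicates the console data predates a local change and a sync is due.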

Managing Inactive and Deleted Users

Hexnode retains historical data for accounts that are no longer active or have been removed from the system.

  1. Open the Local Accounts sub-tab for the device.
  2. Scroll to the end of the user list.
  3. Click Show Inactive/Deleted Users.
Note: You can still access the Details page for deleted users to review their previous configurations.

Troubleshooting Guides

| Problem | Potential Root Cause | Resolution |
|---|---|---|
| Account details are outdated | The sync action was not executed after a system change. | Manual Refresh Required: Always execute Sync Local Accounts after modifying passwords or roles. |
| Secure Token status is “No” | The user was created without a bootstrap token. | Use the Grant Secure Token action to link the user to the system’s chain of trust. |
| New account not appearing | The device is offline or the Hexnode Agent is inactive. | Ensure the device is online and the latest Hexnode Agent is running before re-triggering the sync. |
| Action fails on execution | Management profile issues. | Verify that the MDM profile is still valid and that the device hasn’t been locally disenrolled. |

Frequently Asked Questions (FAQs)

How often should local accounts be synced?

It is a best practice to execute a sync immediately after performing any account management action (e.g., creating a user or resetting a password) to ensure the portal displays the current state.

Can the actual password be seen in the sync details?

No. For security reasons, Hexnode only displays the Password Hint and the timestamp of the last change, never the plain-text password.

What is the difference between a “Mobile” and “Local” account?

A Local account exists only on the specific Mac’s disk. A Mobile account is a network account (like Active Directory) that has been cached locally to allow offline login.

Why do some users show a status of “Inactive”?

An account is marked as Inactive if it has not been used for a significant period or if the account has been disabled via system settings.