cancel
Showing results for 
Search instead for 
Did you mean: 

macOS - Hiding admin or local users via MDM profile.

rlyons
Rising Star I

Do you have a local admin user that you don't want to show up on the login list? Or perhaps you don't want the admin users to appear when you log into a user machine? Well, worry not. For once, Apple's got this covered. For those using a profile creator, this is under the Login Window system domain.

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>HiddenUsersList</key>
			<array>
				<string>hidethislocaluser</string>
			</array>
			<key>HideAdminUsers</key>
			<true/>
			<key>PayloadDisplayName</key>
			<string>Loginwindow</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.loginwindow.0B513E4B-FBE8-44E2-9276-616327C8AF48</string>
			<key>PayloadType</key>
			<string>com.apple.loginwindow</string>
			<key>PayloadUUID</key>
			<string>0B513E4B-FBE8-44E2-9276-616327C8AF48</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>SHOWOTHERUSERS_MANAGED</key>
			<true/>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Test profile for hidden user logins.</string>
	<key>PayloadDisplayName</key>
	<string>LoginWindow</string>
	<key>PayloadIdentifier</key>
	<string>com.nunya.bizniss.randomhexDf87ff</string>
	<key>PayloadOrganization</key>
	<string>Nunya Inc</string>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>078A2261-6B7A-403A-B34C-D2BCB9F729A5</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<key>TargetDeviceType</key>
	<integer>5</integer>
</dict>
</plist>

 

Options I like to enable as well:

- Show user name and password fields instead of list: 

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>AdminHostInfo</key>
			<string>hostname</string>
			<key>HiddenUsersList</key>
			<array>
				<string>hidethislocaluser</string>
			</array>
			<key>PayloadDisplayName</key>
			<string>Loginwindow</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.loginwindow.0B513E4B-FBE8-44E2-9276-616327C8AF48</string>
			<key>PayloadType</key>
			<string>com.apple.loginwindow</string>
			<key>PayloadUUID</key>
			<string>3DA60F9D-2CE1-4988-AB7E-093E04A468C7</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>SHOWFULLNAME</key>
			<true/>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Test profile for hidden user logins.</string>
	<key>PayloadDisplayName</key>
	<string>LoginWindow</string>
	<key>PayloadIdentifier</key>
	<string>com.nunya.bizniss.randomhexDf87ff</string>
	<key>PayloadOrganization</key>
	<string>Nunya Inc</string>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>005935DC-5A69-49A7-90D3-F6DDB1985C97</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<key>TargetDeviceType</key>
	<integer>5</integer>
</dict>
</plist>

 

Happy hiding!

2 REPLIES 2

BenGarrison
JumpCloud Alumni
JumpCloud Alumni

This is nice if you need to target certain accounts. Otherwise, couldn't you just use the JC policy to display username/password on login?

BenGarrison_0-1656351002019.png

 

I do, but for BYOD devices, I like to have this covered if they want the list instead.