Created
July 8, 2015 14:06
-
-
Save dderusha/f7ead4c8c1fb1408dc22 to your computer and use it in GitHub Desktop.
Convert admin users to standard user, except admin account specified
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ## Demote admin users to standard | |
| ## | |
| ## author unknown | |
| ## Get list of users for demotion | |
| ## | |
| #In the above, you need to replace the reverse grep (grep -ve) with your local admin #accounts between the quote marks. Place a pipe betwen each name if you have multiple #ones. if you only have one, no need for "-ve", just use grep -v "youradminname" | |
| /bin/echo "Building list of local user accounts for demotion" | |
| userList=$( /usr/bin/dscl . -list /Users UniqueID | /usr/bin/awk '$2 >= 501 { print $1; }' | /usr/bin/grep -v “youradminaccountgoeshere” ) | |
| ## Remove admin privs from each user and add them into the _lpadmin group | |
| for i in $userList; do | |
| if [[ `/usr/sbin/dseditgroup -o checkmember -m $i admin | /usr/bin/awk '{ print $1 }'` = "yes" ]]; then | |
| /bin/echo "User $i is currently an admin. Converting into Standard User" | |
| /usr/sbin/dseditgroup -o edit -d $i -t user admin | |
| /bin/echo "Adding $i into _lpadmin group" | |
| /usr/sbin/dseditgroup -o edit -a $i -t user _lpadmin | |
| else | |
| echo "User $i is currently a Standard User. Leaving as is." | |
| fi | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I don't remember where I got this script from.... but it works great!!!!