Administering Local Accounts

You can perform the following local account administration tasks using a policy or Jamf Remote:

  • Create a new account.

  • Delete an existing account.

  • Reset the password for an existing account.

  • (Policy only) Disable an existing account for FileVault 2.

When you create a new account, you can do the following:

  • Specify the password and password hint.

  • Specify a location for the home directory.

  • Configure the account picture.

  • Give the user administrator privileges to the computer.

  • (Policy only) Enable the account for FileVault 2.

When you delete an existing account, you can permanently delete the home directory or specify an archive location.


(macOS 10.14 or later only) To reset an existing account password, the SecureToken for the account must be disabled.

(macOS 10.13 or later only) To enable the account for FileVault 2, a valid management account with a SecureToken is required to add the new user.

For more information on SecureToken, see the following documentation from Apple:

Administering Local Accounts Using a Policy

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Policies.

  4. Click New images/download/thumbnails/48234708/Icon_New_Button.png .

  5. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.
    For an overview of the settings in the General payload, see General Payload.

  6. Select the Local Accounts payload and click Configure.

  7. Choose an action from the Action pop-up menu.

  8. Configure the action using the options on the pane.

  9. Use the Restart Options payload to configure settings for restarting computers.
    For more information, see Restart Options Payload.

  10. Click the Scope tab and configure the scope of the policy.
    For more information, see Scope.

  11. (Optional) Click the Self Service tab and make the policy available in Self Service.
    For more information, see Making Items Available to Users in Jamf Self Service for macOS.

  12. (Optional) Click the User Interaction tab and configure messaging and deferral options.
    For more information, see User Interaction.

  13. Click Save.

The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.

Administering Local Accounts Using Jamf Remote

  1. Open Jamf Remote and authenticate to the Jamf Pro server.

  2. Click Site images/download/thumbnails/48234708/Site.png and choose a site.
    This determines which items are available in Jamf Remote.

    Note: This button is only displayed if you have a site configured in Jamf Pro and are logged in with a Jamf Pro user account that has full access or access to multiple sites.

  3. In the list of computers, select the checkbox for each computer on which you want to administer local accounts.

  4. Click the Accounts tab.

  5. Click Create, Reset Password, or Delete.

  6. Configure the action using the options in the window that appears.

  7. Click the Restart tab and configure settings for restarting computers.

  8. Do one of the following:

    • To immediately perform the tasks on the specified computers, click Go.

    • To schedule the tasks to take place at a specific day and time, click Schedule and choose a day and time. Then click Schedule again.

Related Information

For related information, see the following sections in this guide:

  • Smart Groups
    You can create smart computer groups based on local user accounts.

  • About Policies
    Learn the basics about policies.

  • Managing Policies
    Find out how to create a policy, view the plan and status of a policy, and view and flush policy logs.

  • Administering the Management Account
    Find out how to change or reset the management account password, and enable or disable the management account for FileVault 2.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.