Local Accounts

You can use a policy to perform the following local account management tasks:

  • Create a new account.

  • Delete an existing account.

  • Reset the password for an existing account.

  • Disable an existing account for FileVault.

When you create a new account, you can also do the following:

  • Specify the password and password hint.

  • Specify a location for the home directory.

  • Configure the account picture.

  • Give the user administrator privileges to the computer.

  • Enable the account for FileVault.

When you delete an existing account, you can permanently delete the home directory or specify an archive location.

Administering Local Accounts Using a Policy


(macOS 10.14 or later only) To reset an existing account password, the SecureToken for the account must be disabled.

(macOS 10.13 or later only) To enable the account for FileVault, a valid management account with a SecureToken is required to add the new user.

For more information on SecureToken, see Using SecureToken in Apple's Deployment Reference for Mac.


  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Policies.

  4. Click New images/download/thumbnails/81935890/Icon_New_Button.png .

  5. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.

  6. Select the Local Accounts payload and click Configure.

  7. Choose an action from the Action pop-up menu.

  8. Configure the action using the options on the pane.

  9. Use the Restart Options payload to configure settings for restarting computers.

  10. Click the Scope tab and configure the scope of the policy.

  11. (Optional) Click the Self Service tab and make the policy available in Self Service.

  12. (Optional) Click the User Interaction tab and configure messaging and deferral options.

  13. Click Save images/download/thumbnails/81531754/floppy-disk.png .

The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.

Related Information

For related information, see the following sections in this guide:

  • Smart Groups
    You can create smart computer groups based on local user accounts.

  • About Policies
    Learn the basics about policies.

  • Policy Management
    Find out how to create a policy, view the plan and status of a policy, and view and flush policy logs.

  • Management Accounts
    Find out how to change or reset the management account password, and enable or disable the management account for FileVault.

For related information about creating local accounts using Jamf Connect, see the Account Creation section of the Jamf Connect Administrator's Guide.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.