Local Accounts

You can use a policy to perform the following local account management tasks:

  • Create a new account.

  • Delete an existing account.

  • Reset the password for an existing account.

  • Disable an existing account for FileVault.

When you create a new account, you can also do the following:

  • Specify the password and password hint.

  • Specify a location for the home directory.

  • Configure the account picture.

  • Give the user administrator privileges to the computer.

  • Enable the account for FileVault.

When you delete an existing account, you can permanently delete the home directory or specify an archive location.

Administering Local Accounts Using a Policy


(macOS 10.14 or later only) To reset an existing account password, the SecureToken for the account must be disabled.

(macOS 10.13 or later only) To enable the account for FileVault, a valid management account with a SecureToken is required to add the new user.

For more information on SecureToken, see "Use secure token, bootstrap token, and volume ownership in deployments" in Apple Platform Deployment.

  1. In Jamf Pro, click Computers at the top of the sidebar.
  2. Click Policies in the sidebar.
  3. Click New.
  4. Use the General payload to configure basic settings for the policy, including the trigger and execution frequency.
  5. Select the Local Accounts payload and click Configure.
  6. Choose an action from the Action pop-up menu.
  7. Configure the action using the options on the pane.
  8. Use the Restart Options payload to configure settings for restarting computers.
  9. Click the Scope tab and configure the scope of the policy.
  10. (Optional) Click the Self Service tab and make the policy available in Self Service.
  11. (Optional) Click the User Interaction tab and configure messaging and deferral options.
  12. Click Save.

The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.
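
The following preflight check covers the two SecureToken requirements listed before the procedure. It is an added example, not part of Jamf Pro or its documentation. It relies on the macOS command `sysadminctl -secureTokenStatus`; the function names, action labels, exit codes and sample lines are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not Jamf code): check SecureToken state before scoping a Local Accounts policy.
# Constructed sample lines in the format sysadminctl prints; user names are placeholders.
SAMPLE_ENABLED='sysadminctl[1234:5678] Secure token is ENABLED for user jamfmanage'
SAMPLE_DISABLED='sysadminctl[1234:5678] Secure token is DISABLED for user jdoe'

# Map sysadminctl output text to ENABLED, DISABLED or UNKNOWN.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Query the live state for account $1 (macOS only); sysadminctl reports on stderr.
query_token_state() {
    token_state "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
}

# Decide whether the payload action's prerequisite is met.
#   $1 = reset-password   -> $2 is the state of the account being reset
#   $1 = enable-filevault -> $2 is the state of the management account
# Returns 0 = prerequisite met, 1 = not met, 2 = state unknown or bad action.
preflight() {
    case "$1:$2" in
        reset-password:DISABLED)   return 0 ;;  # token must be disabled to reset
        reset-password:ENABLED)    return 1 ;;
        enable-filevault:ENABLED)  return 0 ;;  # management account needs a token
        enable-filevault:DISABLED) return 1 ;;
        *)                         return 2 ;;
    esac
}

# Usage on a Mac: ./preflight.sh reset-password jdoe
if [ "$#" -eq 2 ]; then
    state=$(query_token_state "$2")
    rc=0; preflight "$1" "$state" || rc=$?
    echo "$1 for $2: SecureToken $state (exit $rc)"
    exit "$rc"
fi
```

An UNKNOWN result (exit code 2) means the state could not be read, so treat it as a failed check rather than as a disabled token.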