I don't believe there is a Casper way (other than scripting, adding the script to the JSS and creating a policy) to do what you describe. In order to delete an account using the accounts tab you need to know the short name of the account.<div>
<br></div><div>The script you shared seems like the way to go. You'll still need to demote any unauthorized admins. You can adapt your script to do that. I believe the operative bit will be:<br><br></div><div>dscl . delete /Groups/admin GroupMembership <shortname></div>
<div><br></div><div>You can loop through /Users, as in your script. It is possible that someone may have been smart enough to move their home directory, so I might want to look into looping through the local directory service instead of the /Users folder.</div>
<div><br></div><div>Change $keep to your local admin account, and remove the numbered account exclusion since you want to catch "08jdoe" if it is an admin account.</div><div><br></div><div>As far as not being the boss, I think most of us are in or have been in that situation. I suggest getting to know the person/people who *are* the bosses. Write up sensible policies and get the boss(es) to sign them. I mean print them out and have them actually put a pen to paper. A policy document signed by the CIO/Dean/Director/Boss holds more weight than you or I do.</div>
<div><br></div><div>This also gives you a great, socially acceptable way out of confrontational situations where users demand something out of scope. With such a signed policy, you should be held to it as well, since the boss approved it. Then when you're asked to violate it, you can simply say that you're not authorized to grant the request. Provide them with a copy of the policy document and tell them that this policy was enacted by "The Boss" (whoever signed the document). If that doesn't stop them from trying to get you to violate the policy, you can say something to the effect of "I understand, technology should serve the goals of the organization. If you feel strongly that an exception or change to the policy is required in this case, I can schedule a time when we can meet with "The Boss" to discuss it." I've found that most of the time, this ends the discussion.</div>
<div><br></div><div><br></div><div>----------<br>Miles A. Leacy IV<br><br> Certified System Administrator 10.4<br> Certified Technical Coordinator 10.5<br> Certified Trainer<br>Certified Casper Administrator<br>----------<br>
voice: 1-347-277-7321<br><a href="mailto:miles.leacy@themacadmin.com">miles.leacy@themacadmin.com</a><br><a href="http://www.themacadmin.com">www.themacadmin.com</a><br><br><br>
<br><br><div class="gmail_quote">2008/12/9 Thomas Larkin <span dir="ltr"><<a href="mailto:tlarki@kckps.org">tlarki@kckps.org</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">Well, where to start....</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">My environment is huge. Over 50 buildings, over 30 servers, over 6,000 clients with most of them being MacBooks. It is a hassle to manage at times. I am not in charge of everything nor am I management, so it puts me in a gray area at times when managing the client machines. We have local user accounts that have been created that I want gone, however I am not sure what the names of those user accounts are. We had a password leak and some users promoted their own accounts to admin, and I want to demote them. We have a naming convention that starts with their graduation year. So any user account under /Users that does not start with a number can be wiped, with one exception, the generic local account we created for local logins just in case the network went down. That account is called student. I am trying to script something that will scan /Users and wipe out anything that does not start with a number. I got some help from a bit more advanced shell scripter than myself and came up with this so far:</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">#!/bin/bash</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">keep="student"</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">cd /Users</font> </p>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">[[ $(pwd) != "/Users" ]] && echo warning cd failed && exit 2</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">for a in [^0-9]* ; do # only loop over names that don't start with a number</font> </p>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3"> [[ "$a" == "$keep" ]] && continue # skip that extra local account</font> </p>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3"> /usr/bin/dscl . -delete "/Users/$a" # get rid of it</font> </p>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">echo 'removing user files'</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">/bin/rm -rf "/Users/$a"</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">done</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">I haven't had a lot of time to test it but it basically kills everything in /Users except those that start with a number. My next questions are, is there a Casper solution to this, and how can I demote local accounts with Casper from a local admin to a mobile or managed local user?</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">Thoughts?</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">Thanks for anyone brave enough to read this.</font> </p>
<br>
<p style="margin-bottom:0;margin-top:0">
<font face="Lucida Grande" size="3">Tom</font>
</p>
</div>
<br>_______________________________________________<br>
Casper mailing list<br>
<a href="mailto:Casper@list.jamfsoftware.com">Casper@list.jamfsoftware.com</a><br>
<a href="http://list.jamfsoftware.com/mailman/listinfo/casper" target="_blank">http://list.jamfsoftware.com/mailman/listinfo/casper</a><br>
<br></blockquote></div><br></div>
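<div>The demotion step described in the reply above, as an added example that is not part of the original thread: it reads the admin group's membership from the local directory service (rather than walking /Users) and removes every short name that is not on a keep list, using the dscl delete call quoted in the reply. The KEEP list, the "localadmin" name and the DRY_RUN switch are assumptions made for illustration.</div>

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumption: KEEP lists the short names allowed to stay in the admin group.
# "localadmin" is a placeholder for your own local admin account.
KEEP="root localadmin"
# Assumption: report only unless DRY_RUN=0 is set explicitly.
DRY_RUN="${DRY_RUN:-1}"

# admins_to_demote "<GroupMembership line>" "<keep list>"
# Prints, one per line, every member that is not on the keep list.
# The ( ) body runs in a subshell so 'set -f' (no globbing) does not leak out.
admins_to_demote() (
    set -f
    membership=$1
    keep=$2
    for name in ${membership#GroupMembership:}; do
        case " $keep " in
            *" $name "*) ;;                  # authorized admin, leave alone
            *) printf '%s\n' "$name" ;;      # not on the list, demote
        esac
    done
)

# Read the admin group from the local directory node and demote the rest.
demote_admins() {
    membership=$(dscl . -read /Groups/admin GroupMembership) || return 1
    for name in $(admins_to_demote "$membership" "$KEEP"); do
        if [ "$DRY_RUN" = "1" ]; then
            echo "would demote: $name"
        else
            dscl . -delete /Groups/admin GroupMembership "$name" &&
                echo "demoted: $name"
        fi
    done
}

# Only touch the directory service where dscl actually exists (a Mac).
if command -v dscl >/dev/null 2>&1; then
    demote_admins
fi
```

Run it once with the default dry run and review the "would demote" lines before setting DRY_RUN=0 in the policy.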