<html>
<head>
<style type="text/css">
<!--
body { line-height: normal; font-variant: normal; margin-right: 4px; margin-left: 4px; margin-top: 4px; margin-bottom: 1px }
p { margin-top: 0; margin-bottom: 0 }
-->
</style>
</head>
<body>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">Well, where to start....</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">My environment is huge. Over 50 buildings, over 30 servers over 6,000 clients with most of them being Macbooks. It is a hassle to manage at times. I am not in charge of everything nor am I management, so it puts me in a gray area at times when managing the client machines. We have local user accounts that have been created that I want gone, however I am not sure what the names of those user accounts are. We had a password leak and some users promoted their own accounts to admin, and I want to demote them. We have a naming convention that starts with their graduation year. So any user account under /Users that does not start with a number can be wiped, with one exception, the generic local account we created for local log ins just in case the network went down. That account is called student. I am trying to script something that will scan /Users and wipe out anything that does not start with a number. I got some help from a bit more advanced shell scripter than myself and came up with this so far:</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">#! /bin/sh</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">keep="student"</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">cd /Users</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">[[ $(pwd) != "/Users" ]] && echo warning cd failed && exit 2</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">for a in [^0-9]* ; do # only loop over names that doen't start with a number</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3"> [[ "$a" == "$keep" ]] && continue # skip that extra local account</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3"> /usr/bin/dscl . -delete /Users/$a # get rid of it</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">echo 'removing user files'</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">/bin/rm -rf /Users/$a</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">done</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">I haven't had a lot of time to test it but it basically kills everything in /Users except those that start with a number. My next questions are, is there a Casper solution to this, and how can I demote local accounts with Casper from a local admin to a mobile or managed local user?</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">Thoughts?</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">Thanks for anyone brave enough to read this.</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font face="Lucida Grande" size="3">Tom</font>
</p>
</body>
</html>