How to Create a Hidden Local Admin on Macs

Written by Kyle Randolph on July 21, 2017


For various reasons, it can be useful to assist a user without your admin account appearing when they log in. With JumpCloud, this is easy to do. This guide shows how to hide a user account from the macOS login window directly from JumpCloud.

To begin, create a new local admin account on your machine. This can be done within the JumpCloud Admin Console by leveraging system/user binding. Once you have created your new JumpCloud managed account, you are ready to hide it from your end user’s view. This can be achieved using JumpCloud’s Commands feature. For this example, we are going to write a short command that hides the newly created JumpCloud admin from the login window. In addition, we will run a second command to hide the JumpCloud administrator’s home directory from the Finder.

Hiding a Local Admin Account

The following steps demonstrate how you can modify a JumpCloud Admin account on a machine to hide the account and the admin’s home directory from the user.

  1. Create a new command. This can be done by going to the Commands tab and selecting the ‘+’ icon in the upper right-hand corner.
  2. Next, specify that this command will run against Macs, and that it will run as ‘root’.
  3. Then, in the Command text field, you will want to enter the following:
    dscl . create /Users/JUMPCLOUD_ADMIN_USERNAME IsHidden 1; chflags hidden /Users/JUMPCLOUD_ADMIN_USERNAME

    (It is important to note that you will want to change JUMPCLOUD_ADMIN_USERNAME to the actual username of the JumpCloud Admin that was provisioned to the system.)

  4. Select the system(s) that have the administrative account present under the Systems tab in the Commands aside, and then select ‘save command’.
  5. Once you’ve verified that the user is bound to the system, and that you’ve successfully updated the command, you’re ready to run it! This can be done by selecting ‘run now’.

Once the command has successfully run against your system(s), the Admin account will no longer appear in the login window list, and its home directory will no longer appear in the Users folder in the Finder. However, you will still be able to sign into this account by entering the admin’s username at the login window.
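
To confirm the result from a shell, or to audit a Mac for accounts hidden this way, the following sketch lists accounts whose IsHidden attribute is 1 and checks the hidden flag on each home directory. It is an added example, not part of the original guide or of JumpCloud's tooling; the function names, the sample data, the `ls -ldO` column layout and the rule that names starting with "_" are service accounts are assumptions.

```shell
#!/bin/sh
# Added example: verify the hide command took effect, or audit for hidden accounts.

# Reads `dscl . -list /Users IsHidden` output (name, then optional value) on
# stdin and prints accounts whose IsHidden value is 1. Names starting with "_"
# are skipped on the assumption that they are macOS service accounts.
hidden_accounts() {
    awk '$1 !~ /^_/ && $2 == "1" { print $1 }'
}

# Reads one `ls -ldO <dir>` line on stdin and succeeds if the file-flags
# column (assumed to be the 5th field) contains "hidden", the flag that
# `chflags hidden` sets.
home_is_hidden() {
    awk '{ n = split($5, f, ","); for (i = 1; i <= n; i++) if (f[i] == "hidden") ok = 1 }
         END { exit (ok ? 0 : 1) }'
}

# Constructed sample data so the functions can be exercised off a Mac.
SAMPLE_DSCL='_example 1
daemon
jcadmin 1
kyle
root'
SAMPLE_LS='drwxr-xr-x+ 15 jcadmin  staff  hidden 480 Jul 21 10:00 /Users/jcadmin'

# On a Mac, report every hidden account and the state of its home directory.
if command -v dscl >/dev/null 2>&1; then
    dscl . -list /Users IsHidden | hidden_accounts | while read -r user; do
        if ls -ldO "/Users/$user" 2>/dev/null | home_is_hidden; then
            echo "$user: hidden from login window, home folder hidden in Finder"
        else
            echo "$user: hidden from login window, home folder NOT hidden"
        fi
    done
fi
```

Any account this reports that you did not hide yourself is worth a closer look, since it can still be used to sign in.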

With this complete, you can now assist your users on their machines without them being able to see your admin account.

If you have any questions, feel free to reach out to us at [email protected].

Kyle Randolph

Kyle Randolph works as a Product Manager at JumpCloud, the world's first Directory-as-a-Service. Kyle enjoys learning about emerging technologies and cloud computing.
