talkingmoose · July 29, 2025 13:53
diff --git a/DeleteLocalUsers.zsh b/DeleteLocalUsers.zsh
 #!/bin/zsh

 <<ABOUT_THIS_SCRIPT
 -----------------------------------------------------------------------

 	Written by:William Smith
 	Professional Services Engineer
 	Jamf
 	[email protected]
 	https://gist.github.com/talkingmoose/67e5fb6b62855a169eca13e5efb3ba35
 	
 	Originally posted: Feburary 21, 2017
 	Updated: February 21, 2017
 	Last updated: July 29, 2025

 	Purpose: Run this script as part of a Jamf Pro policy to delete
 	unwanted local user accounts from a Mac. The script will not affect
 	Active Directory mobile accounts.

 	Except where otherwise noted, this work is licensed under
 	http://creativecommons.org/licenses/by/4.0/

 	"If candy is dandy but liquor is quicker, may I recommend NyQuil?"

 INSTRUCTIONS

 	1) Log in to the Jamf Pro server.
 	2) Navigate to Settings > Computer Management > Scripts.
 	3) Click the " + " button to create a new script with these settings:
 	   Display Name: Delete local users
 	   Category: <your choice>
 	   Notes: Deletes local non-mobile and non-Active Directory user accounts.
 	   Script: < Copy and paste this entire script >
 	4) Edit the "keepUsers" variable below to include accounts that shouldn't
 	   be deleted (e.g. admin account)
 	5) Save the script.
 	6) Add the script to a policy.
 	7) Consult the Jamf Pro policy log for results of the script.
 	
 -----------------------------------------------------------------------
 ABOUT_THIS_SCRIPT

 # EDIT LIST: local user accounts to keep, separating them with a space
 keepUsers=(talkingmoose mmoose)
 echo "Keeping users: $keepUsers."

 # get currently logged in user
 # cannot delete an active user
 currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
 echo "Currently logged in user: $currentUser."

 # create a list of local usernames (non-AD) with UIDs between 500 and 1024
 userList=( $( /usr/bin/dscl /Local/Default -list /Users uid | /usr/bin/awk '$2 >= 501 && $2 <= 1024 { print $1 }' ) )
 echo "Local non-AD users with UIDs between 500 and 1024:\n$userList"

 for aUser in $userList
 do
 	echo "Evaluating user account $aUser"
 	
 	# checks to see if the user is currently logged in
 	if [[ "$keepUsers" != *$aUser* && $aUser != "$currentUser" ]] ; then
 		homeFolder=$( /usr/bin/dscl . read "/Users/$aUser" NFSHomeDirectory | /usr/bin/awk -F " " '{ print $2 }' )
 		/usr/bin/dscl . delete "/Users/$aUser" # comment this line to get results of the script without making changes
 		/bin/rm -Rf "$homeFolder"  # comment this line to get results of the script without making changes
 		echo "Deleting user: $aUser."
 	else
 		echo "Keeping user: $aUser"
 	fi
 done

 exit 0
	#!/bin/zsh

	<<ABOUT_THIS_SCRIPT
	-----------------------------------------------------------------------

	Written by:William Smith
	Professional Services Engineer
	Jamf
	[email protected]
	https://gist.github.com/talkingmoose/67e5fb6b62855a169eca13e5efb3ba35

	Originally posted: Feburary 21, 2017
	Updated: February 21, 2017
	Last updated: July 29, 2025

	Purpose: Run this script as part of a Jamf Pro policy to delete
	unwanted local user accounts from a Mac. The script will not affect
	Active Directory mobile accounts.

	Except where otherwise noted, this work is licensed under
	http://creativecommons.org/licenses/by/4.0/

	"If candy is dandy but liquor is quicker, may I recommend NyQuil?"

	INSTRUCTIONS

	1) Log in to the Jamf Pro server.
	2) Navigate to Settings > Computer Management > Scripts.
	3) Click the " + " button to create a new script with these settings:
	Display Name: Delete local users
	Category: <your choice>
	Notes: Deletes local non-mobile and non-Active Directory user accounts.
	Script: < Copy and paste this entire script >
	4) Edit the "keepUsers" variable below to include accounts that shouldn't
	be deleted (e.g. admin account)
	5) Save the script.
	6) Add the script to a policy.
	7) Consult the Jamf Pro policy log for results of the script.

	-----------------------------------------------------------------------
	ABOUT_THIS_SCRIPT

	# EDIT LIST: local user accounts to keep, separating them with a space
	keepUsers=(talkingmoose mmoose)
	echo "Keeping users: $keepUsers."

	# get currently logged in user
	# cannot delete an active user
	currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
	echo "Currently logged in user: $currentUser."

	# create a list of local usernames (non-AD) with UIDs between 500 and 1024
	userList=( $( /usr/bin/dscl /Local/Default -list /Users uid \| /usr/bin/awk '$2 >= 501 && $2 <= 1024 { print $1 }' ) )
	echo "Local non-AD users with UIDs between 500 and 1024:\n$userList"

	for aUser in $userList
	do
	echo "Evaluating user account $aUser"

	# checks to see if the user is currently logged in
	if [[ "$keepUsers" != $aUser && $aUser != "$currentUser" ]] ; then
	homeFolder=$( /usr/bin/dscl . read "/Users/$aUser" NFSHomeDirectory \| /usr/bin/awk -F " " '{ print $2 }' )
	/usr/bin/dscl . delete "/Users/$aUser" # comment this line to get results of the script without making changes
	/bin/rm -Rf "$homeFolder" # comment this line to get results of the script without making changes
	echo "Deleting user: $aUser."
	else
	echo "Keeping user: $aUser"
	fi
	done

	exit 0