Deleting Unwanted User Profiles from macOS and Windows using JumpCloud


Overview

This guide provides steps to identify and remove unwanted/suspended user profiles from macOS and Windows systems through JumpCloud Commands. It ensures that only the desired user accounts remain active, improving system hygiene and security.


macOS Instructions

  1. Go to the JumpCloud Admin Portal.

  2. Navigate to Commands → + Add New Command.

  3. Select the macOS checkbox.

  4. In the Command section, paste the below script.

🔄 IMPORTANT: Replace "username_to_revoke" with the username you want to retain/enable.

🧾 Script (macOS Bash)

#!/bin/bash

# Set 'armed' to true if you want the script to actually delete users
armed=false

# Define the specific user you want to enable
target_user="username_to_revoke"

## DO NOT MODIFY BELOW THIS LINE ##

# Enable (reactivate) the specific user first
echo "Enabling user: $target_user"

# Remove the DisabledUser flag to enable the account
sudo dscl . -delete "/Users/$target_user" AuthenticationAuthority ";DisabledUser;"
if [[ $? -eq 0 ]]; then
    echo "User $target_user has been successfully enabled."
else
    echo "Failed to enable user $target_user or user is already enabled."
fi

# Now proceed to find and (optionally) delete all disabled users
IFS=$'\n'
for x in $(dscl . -list /Users); do
    # Never delete the account we were asked to retain, even if enabling it failed above
    if [[ "$x" == "$target_user" ]]; then
        continue
    fi
    if dscl . -read "/Users/$x/" | grep -q DisabledUser; then
        # Leave the JumpCloud agent's service account alone
        if [[ ! "$x" =~ "_jumpcloudserviceaccount" ]]; then
            echo "Found disabled user account: $x."
            if [[ "$armed" == true ]]; then
                echo "Deleting disabled user account: $x"
                sudo sysadminctl -deleteUser "$x"
            fi
        fi
    fi
done

exit 0

โš ๏ธ Tips:

  • Set armed=true to actually delete the unwanted users.

  • Always test the script with armed=false to review the output before deleting.


Windows Instructions

  1. Go to the JumpCloud Admin Console.

  2. Navigate to Commands → + Add New Command.

  3. Check the box for Windows and ensure PowerShell is selected.

  4. Paste the following script in the Command section.

🔄 IMPORTANT: Replace "user name" with the user account(s) you want to preserve.

🧾 Script (PowerShell)

# User(s) to keep
$usersToKeep = @("user name")

# Get all local users (this includes built-in accounts such as Administrator and Guest)
$allUsers = Get-LocalUser

foreach ($user in $allUsers) {
    if ($usersToKeep -notcontains $user.Name) {
        Write-Host "Disabling user: $($user.Name)"
        Disable-LocalUser -Name $user.Name

        # Remove-LocalUser deletes the account; the profile folder under C:\Users is left on disk
        Write-Host "Deleting user: $($user.Name)"
        Remove-LocalUser -Name $user.Name
    } else {
        Write-Host "Preserving user: $($user.Name)"
    }
}

๐Ÿ“ Notes:

  • Ensure you have the necessary admin rights on devices.

  • Use caution before setting scripts to delete accounts – review and test before going live.

  • Monitor the Command results in JumpCloud for success/failure status.
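
The macOS script can be previewed with armed=false, but the PowerShell script above deletes accounts on its first run. The following is an added example, not part of the original guide: a variant with the same kind of switch that also skips Windows' built-in accounts by SID. The $armed variable and the Action labels are names chosen for this example.

```powershell
# Added example: dry-run-first variant of the cleanup script.
# $armed mirrors the macOS script's switch; it is not a JumpCloud setting.
$armed = $false

# User(s) to keep (placeholder, replace as in the script above)
$usersToKeep = @("user name")

# Well-known RIDs of built-in accounts: Administrator, Guest,
# DefaultAccount, WDAGUtilityAccount. Matching on the RID still works
# when one of these accounts has been renamed.
$builtInRids = @('500', '501', '503', '504')

$results = foreach ($user in Get-LocalUser) {
    # The RID is the last dash-separated component of the SID
    $rid = $user.SID.Value.Split('-')[-1]

    if ($usersToKeep -contains $user.Name) {
        $action = 'Preserve'
    } elseif ($builtInRids -contains $rid) {
        $action = 'SkipBuiltIn'
    } elseif (-not $armed) {
        $action = 'WouldDelete'
    } else {
        try {
            # Address the account by SID so the target cannot change between calls
            Disable-LocalUser -SID $user.SID -ErrorAction Stop
            Remove-LocalUser -SID $user.SID -ErrorAction Stop
            $action = 'Deleted'
        } catch {
            $action = "Failed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Name      = $user.Name
        Enabled   = $user.Enabled
        LastLogon = $user.LastLogon
        Action    = $action
    }
}

# One table in the command output, for review before arming
$results | Format-Table -AutoSize | Out-String -Width 200

# Exit non-zero when any deletion failed so the failure shows in the exit code
if ($results.Action -like 'Failed*') { exit 1 }
```

Run it once with $armed = $false, check that every WouldDelete row is an account you expect, then set $armed = $true.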


✅ Summary

Using these tailored scripts, IT administrators can efficiently clean up user profiles on macOS and Windows while preserving necessary accounts, all through JumpCloud Commands.