Remove a User, Keep the Applications

Sept. 1, 2019: This article was updated due to an error. Thank you to Graham Pugh for catching it.

Over the course of my career working on Macs, I have come across many different situations. Some happen repeatedly, and some are one-and-done’s.

One reoccurring issue was when someone would go through me to pick up a new computer and alongside it, purchase some security software from me at the same time. Because of this, I would need to set up a user to install the security applications. I did, however, want the users to be able to set up their own accounts, with their own preferences and password of choice. The less passwords I know, the better. Not because I'd give them away, but I believe that passwords are personal, and they shouldn't be shared with anybody.

Because of this, I wanted to be able to install software, then allow the customers to set up their information. That’s where "usernuke" comes in.

This script allows users or Apple Technicians to reset their user account without losing root information (Applications, System, /Library).

To run this script, there are a few, relatively-simple instructions.

If you have a new Mac with a T2 Security Chip, follow these instructions from HT201573:

1. Start your Mac up in macOS Recovery, by holding Cmd + R when turning on your Mac

2. Select Disk Utility for the Utilities window

3. Select which volume you’re using, click File > Mount from the menu bar. Enter your administrator password if prompted

4. Quit Disk Utility

5. Click Terminal from the Utilities menu in the toolbar

6. Follow the instructions below beginning at 3a

If you have an earlier Mac, follow these:

1. Copy this script (usernuke.sh) to the root of the Startup disk hard drive. In that same area, you should see other folders like (Users, Library, System, Applications).

2. You then reboot your computer. The caveat is that before the machine powers on, hold “Cmd + S” keys to boot into Single-User mode. There will be a bunch of text that shows up on the display. Give it a moment to finish loading.

3. Then, you will type three commands. Each will take a moment or two to run, so be patient.

a. First, type:

  •  /sbin/fsck -fy
  • This checks the filesystem to make sure that the disk is verified

b. Once the filesystem check is complete, type:

  • /sbin/mount -uw /
  • This mounts your hard drive and allows you to access it the "User Nuke" from Single-User mode

c. Last, fire off the script by typing

  • sh /usernuke
  • You will be prompted to verify that you want to delete the users, then the machine will reboot at the end.

You can download the script here


The source code for the usernuke.sh bash script is as follows:

 #!/bin/bash

/sbin/mount -uw /

echo "Found the following users:"
ls -1 /Users/ | grep -v "Shared" | grep -v "Deleted Users" | grep -v "\."
declare -a userarray
userarray=( `ls /Users/ | grep -v "Shared" | grep -v "Deleted Users" | grep -v "\."` )
for (( i = 0 ; i < $ ; i++ ));
do 
       echo -n "Delete user $ (Y/N)?: "
           read -n 1 answer
           case "$answer" in
        y|Y)
           rm -Rf "/Users/$/"
           echo ""
                   echo "$ deleted."
        ;;
        n|N)
            echo ""
                    echo "$ NOT deleted."
        ;;
        *)
            echo ""
                    echo "$answer unknown. Please answer Y or N." 
            let i=(i-1)
        ;;
           esac     
   echo ""
done
rm -Rf "/Users/Deleted Users/"
if [ -d /var/db/dslocal ]; then
     rm -Rf /var/db/dslocal
     mkdir -p /var/db/dslocal/nodes
     cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/Default /var/db/dslocal/nodes/
     cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/dsmappings /var/db/dslocal/
fi
rm -rf /private/var/db/netinfo
rm -rf /private/var/db/openldap
rm -rf /private/var/db/samba
rm -rf /private/var/db/dhcpclient
mv /var/db/.AppleSetupDone /var/db/.RunLanguageChooserToo
rm -rf /Library/Caches
rm -rf /Library/Logs
rm -rf /Library/Preferences.
rm /usernuke

echo "User Nuke successfully removed user databases."
echo ""
echo "Press any key to shutdown."
read -n 1 nothing
/sbin/fsck -fy
shutdown -h now

The Scam of A-Tech Network

Have you ever seen a pop-up with a phone number saying you have a "virus?" So have we. Take a dive with us into a company called A-Tech Network, and how they will attempt to scam you out of all of your money.

Read More