I wanted to create a local admin user during our zero-touch macOS deployment in our Jamf environment. The problem was that I wanted to avoid an admin user with a generic password that employees might not change. So how do you randomise the password during a zero-touch deployment?
I decided to create a script that the end user could execute via Jamf’s Self Service. The script would prompt the user for a password and then create the admin user.
Deploy the following script to your MDM solution’s Self Service and scope it to computers. What you might want to change is the text displayed to the user, “Give your local admin a password. At least 1 big, 1 special and 8 characters minimum!”, and the local user’s username, localadmin, on the last line.
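#!/bin/bash
# read -d is a bash feature, so run under bash rather than sh.
# Prompt the logged-in user for the password; "with hidden answer" masks the input.
read -r -d '' applescriptCode <<'EOF'
set dialogText to text returned of (display dialog "Give your local admin a password. At least 1 big, 1 special and 8 characters minimum!" default answer "" with hidden answer)
return dialogText
EOF
# Stop if the user cancels the dialog or submits an empty password.
dialogText=$(osascript -e "$applescriptCode") || exit 1
[ -n "$dialogText" ] || exit 1
# Quote the password so spaces and shell metacharacters reach sysadminctl intact.
sudo sysadminctl -addUser localadmin -password "$dialogText" -admin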
Once you have deployed the script and scoped it to proper computers, you should be able to execute the script:



And voilà! The admin user is created with a password that the employee has defined.
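The dialog text states a password policy, but the script hands whatever the user types straight to sysadminctl. The following added example (not part of the original post) checks the input against that policy and re-prompts before creating the user; the function names, the three-attempt limit and reading "special" as any punctuation character are assumptions.

```shell
#!/bin/sh
# Added example: enforce the policy that the dialog text states before creating
# the account. Function names and the 3-attempt limit are assumptions.

# Return 0 if $1 has >= 8 characters, an uppercase letter and a special
# character (assumed here to mean any punctuation character).
password_meets_policy() {
    candidate=$1
    [ "${#candidate}" -ge 8 ] || return 1
    case $candidate in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $candidate in *[[:punct:]]*) ;; *) return 1 ;; esac
    return 0
}

# Ask the logged-in user for a password; the input is masked in the dialog.
prompt_for_password() {
    osascript -e 'text returned of (display dialog "Give your local admin a password. At least 1 big, 1 special and 8 characters minimum!" default answer "" with hidden answer)'
}

# Re-prompt up to 3 times, then create the admin user with the page's command.
# Jamf policies run scripts as root, so sudo is left out here.
create_local_admin() {
    attempts=0
    while [ "$attempts" -lt 3 ]; do
        # A non-zero status means the user pressed Cancel.
        password=$(prompt_for_password) || return 1
        if password_meets_policy "$password"; then
            sysadminctl -addUser localadmin -password "$password" -admin
            return $?
        fi
        attempts=$((attempts + 1))
    done
    echo "No password met the policy after 3 attempts" >&2
    return 1
}

# Run only where osascript exists (macOS); elsewhere this only defines functions.
if command -v osascript >/dev/null 2>&1; then
    create_local_admin
fi
```

As in the original script, the password is still passed as a command-line argument, so it is briefly visible in the process list while sysadminctl runs.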