Changing admin users to standard users

[dougancil]

Is there a way to change an admin user to a standard user with command line? I have a group of users that have admin rights that don't need them and I'd like to be able to write a script that can change them en masse rather than doing them one by one.

Any information is appreciated.

Thank you

Doug

 

[Giaguara]

If there's a way to do that with Terminal, it'd be with dscl command. Man is your best friend for the syntax.
Man dscl for 10.6.6 http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/dscl.1.html
(for newer, or for the matching your system, man dscl locally)

 

[BjarneDM]

You'll have to change two setting in the admin group using dscl

i7:~ root# dscl . -read /Groups/admin
AppleMetaNodeLocation: /Local/Default
GeneratedUID: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
GroupMembers: A1BF2DF2-3FB7-4B74-81C0-A4A880C30513 F6B02F13-A8B6-4B73-A122-626C6B23B579
GroupMembership: temp root
Password: *
PrimaryGroupID: 80
RealName: Administrators
RecordName: admin BUILTIN\Administrators
RecordType: dsRecTypeStandard:Groups
SMBSID: S-1-5-32-544

The two values that need to be changed are GroupMembers and GroupMembership

First of all, you'll have to determine the GeneratedUID for the users you want to stay in the admin group. You can do that individually or en masse:

i7:~ root# dscl . -read /Users/<short-user-name> GeneratedUID
i7:~ root# dscl . -list /Users GeneratedUID

Then use the following commands to change the values:

dscl . -create /Groups/admin GroupMembers <GeneratedUID> ...
dscl . -create /Groups/admin GroupMembership <RecordName> ...