
MacAdmin 101: Creating local user accounts with CreateUserPkg

As part of the process of deploying Macs, Mac admins may want to add one or more local user accounts with a pre-determined password. The reasons for this may include the following:

  • Setting up a local administrator account.
  • Setting up a “loaner” user account for a pool of loaner laptops.
  • Setting up a local user account that automatically logs in at startup for a Mac used as a kiosk.
  • Setting up a generic “student” account for use in a school’s computer lab.

These accounts can be set up using a script, but that usually means having the password for the local account stored in the script in a way that anyone with access to the script can easily read the password. An alternative to this approach is to use CreateUserPkg.app, an open source utility written by Per Olofsson. CreateUserPkg.app generates installer packages which can be used on Mac OS X 10.5.x and later to create local user accounts and securely set the associated account’s password. For more information, see below the jump.

Using CreateUserPkg.app

1. Install CreateUserPkg.app from one of the following sources:

GitHub: http://magervalp.github.io/CreateUserPkg/

Mac App Store: https://itunes.apple.com/us/app/createuserpkg/id540673598?mt=12

2. Launch CreateUserPkg.app


3. Set up the local account information as desired. Once all the desired settings are chosen, click the Save Package button.

Note: The User ID number should be set to a numeric value not used by any other account’s UID on the Mac at the time of installation.


4. Choose where to save the package and click the Save button.
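A pre-flight check for the User ID note in step 3, as an added example (not part of CreateUserPkg or the original post): it reads a listing in the format printed by dscl . -list /Users UniqueID and reports whether the chosen UID is already taken. The function names and the sample listing are constructed for illustration.

```bash
#!/bin/bash
# Added example: check that the UID chosen in CreateUserPkg is not already in use.
# Input format: "<account name> <uid>" per line, as printed by
#   dscl . -list /Users UniqueID

# Constructed sample listing, used when dscl is not available (off-Mac testing).
SAMPLE_LISTING='_www                     70
daemon                   1
nobody                   -2
root                     0
localadmin               501
student                  502'

# Print the account name(s) that own UID $1; exit status 1 if none do.
uid_owner() {
    awk -v uid="$1" '$2 == uid { print $1; found = 1 } END { exit !found }'
}

# Print the lowest unused UID at or above $1 (default 501).
next_free_uid() {
    awk -v start="${1:-501}" '
        { used[$2] = 1 }
        END { uid = start; while (uid in used) uid++; print uid }'
}

# Return 0 if UID $1 is free in listing $2, 1 (with a message) if it collides.
check_uid() {
    local owner
    if owner=$(printf '%s\n' "$2" | uid_owner "$1"); then
        echo "UID $1 already belongs to: $owner" >&2
        echo "Next free UID: $(printf '%s\n' "$2" | next_free_uid "$1")" >&2
        return 1
    fi
    echo "UID $1 is unused"
}

# Use the live local directory on a Mac, the constructed sample elsewhere.
get_listing() {
    if command -v dscl >/dev/null 2>&1; then
        dscl . -list /Users UniqueID
    else
        printf '%s\n' "$SAMPLE_LISTING"
    fi
}

# Check the UID given as the first argument (503 if none is given).
check_uid "${1:-503}" "$(get_listing)" || true
```

Run it on the Mac the package will be installed on, not on the Mac where the package is built, since the UID only has to be unique at installation time.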


Testing CreateUserPkg-generated installers

Once the package has been built, test it by installing the CreateUserPkg-generated installer package on a Mac which does not have the local account set up on it. The end result should be that the local account is set up on the Mac with the desired password and configured with the specified settings and account rights.


How CreateUserPkg.app works

CreateUserPkg.app creates two files for the local user account, which allows the account information to work on Mac OS X 10.5.x and later. The local account’s information is written to a plist file named with the account’s username and stored in the directory listed below:


Screen Shot 2016 08 23 at 9 49 21 PM


An example account plist is shown below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>Username Goes Here</string>


For compatibility with Mac OS X 10.5.x and 10.6.x, the account’s password is stored in encrypted format in files named with the Generated UID of the account. These files are then stored in the directory listed below:


Screen Shot 2016 08 23 at 9 52 52 PM

Note: These files were only needed for Mac OS X 10.5.x and 10.6.x; on later versions of OS X and macOS, the passwords were stored in the account’s plist file in /private/var/db/dslocal/nodes/Default/users. On Mac OS X 10.7.x and later, the password information is automatically converted to the proper format when the user account is logged into for the first time.

Once the two files are generated by CreateUserPkg.app, the utility then generates an installer package and post-installation script to install the two files into their proper places. Once the CreateUserPkg-generated package is installed, the account’s files are put into the necessary places and the installer’s postinstall script handles any necessary granting of admin rights or auto-login settings.

An example postinstall script from a CreateUserPkg-generated installer package is shown below:

#!/bin/bash
#
# postinstall for local account install

PlistArrayAdd() {
    # Add $value to $array_name in $plist_path, creating if necessary
    local plist_path="$1"
    local array_name="$2"
    local value="$3"
    local old_values
    local item

    old_values=$(/usr/libexec/PlistBuddy -c "Print :$array_name" "$plist_path" 2>/dev/null)
    if [[ $? == 1 ]]; then
        # Array doesn't exist, create it
        /usr/libexec/PlistBuddy -c "Add :$array_name array" "$plist_path"
    else
        # Array already exists, check if array already contains value
        # Split PlistBuddy's output on newlines only, one array item per line
        IFS=$'\012'
        for item in $old_values; do
            unset IFS
            if [[ "$item" =~ ^\ *$value$ ]]; then
                # Array already contains value
                return 0
            fi
        done
        unset IFS
    fi
    # Add item to array
    /usr/libexec/PlistBuddy -c "Add :$array_name: string \"$value\"" "$plist_path"
}

ACCOUNT_TYPE=ADMIN # Used by read_package.py.

# Add the account's short name and Generated UID to the admin group.
# $3 is the target volume passed in by the installer.
PlistArrayAdd "$3/private/var/db/dslocal/nodes/Default/groups/admin.plist" users "username_goes_here" && \
    PlistArrayAdd "$3/private/var/db/dslocal/nodes/Default/groups/admin.plist" groupmembers "96DC0604-5AFA-4970-A404-380BBA399BFD"

if [ "$3" == "/" ]; then
    # we're operating on the boot volume
    # kill local directory service so it will see our local
    # file changes -- it will automatically restart
    /usr/bin/killall DirectoryService 2>/dev/null || /usr/bin/killall opendirectoryd 2>/dev/null
fi

exit 0


  1. LN Tech
    February 1, 2017 at 9:02 pm

    I’ve used AutoDMG to create a basic install, with two user packages created by CreateUserPkg.app

    The first user is a local administrator account, and everything is good; the second user is a generic student account. The user account is created but not the home folder, so I can’t log in with the student account.

    I’ve also tried creating additional user accounts with CreateUserPkg.app and running the package from the local admin account, with the same result. The accounts are created (they’re in System Preferences/Users & Groups), but they have no home folder, and I can’t log in with the account.

    Any suggestions?

    • Jeremy
      April 18, 2017 at 9:01 am

      CreateUserPkg isn’t being maintained at the moment, and in any case wouldn’t provide support here.
      The project is hosted by GitHub, see if you can get help from someone there: https://github.com/MagerValp/CreateUserPkg

  2. Celeb
    December 8, 2017 at 8:28 pm

    Hi, Is there an update to CreateUserPkg that is compatible with High Sierra that is packaged the same way? I know that Greg Neagle has info on github. Sure would be great if a step-by-step could be provided much in the same way that Rich has spelled out here.
    Thanks !

    • Rodney
      August 4, 2018 at 11:29 am

      I still use it without setting password. I set the password via a script. Deploystudio install package and first boot run script to set password.

      Munki I install package with post install script to set password.

      I’m testing it with bootstrappr using outset to set password on first boot. With outset you have to give it time to run the scripts before first login.

      The great thing is that the user icon is retained. This is the main reason I still use this software.
