Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/articles/delete-macos-local-user-accounts-with-fleet.md

2.7 KiB
Raw Permalink Blame History

Delete macOS local user accounts with Fleet

The recommended method for deleting local user accounts on macOS is to use dscl, such as dscl . -delete /Users/testing, or sysadminctl, such as sysadminctl -deleteUser testing -secure.

To use these commands with scripts in Fleet, fleetd (the Fleet agent that runs scripts from Fleet) requires full disk access permissions to delete users. Grant full disk access to fleetd using our configuration profile.

Once that profile has been installed on the device, dscl . -delete and sysadminctl -deleteUser will work. dscl won't show any output, but sysadminctl output will look like this:

2026-02-17 16:33:59.516 sysadminctl[1558:31022] Killing all processes for UID 502
2026-02-17 16:33:59.518 sysadminctl[1558:31022] Securely removing testing's home at /Users/testing
2026-02-17 16:33:59.562 sysadminctl[1558:31022] Deleting Public share point for testing
2026-02-17 16:33:59.602 sysadminctl[1558:31022] Deleting record for testing
2026-02-17 16:33:59.606 sysadminctl[1558:31022] AOSKit INFO: Disabling BTMM for user, no zone found for uid=502, usersToZones: (null)

Otherwise, if you try running these commands without approving full disk access for fleetd, dscl will output this error:

<main> delete status: eDSPermissionError
<dscl_cmd> DS Error: -14120 (eDSPermissionError)

script execution error: exit status 40

sysadminctl will output an error too:

2026-02-17 16:30:59.669 sysadminctl[1488:28502] Killing all processes for UID 502
2026-02-17 16:30:59.671 sysadminctl[1488:28502] Securely removing testing's home at /Users/testing
2026-02-17 16:30:59.701 sysadminctl[1488:28502] Deleting Public share point for testing
2026-02-17 16:30:59.724 sysadminctl[1488:28502] Deleting record for testing
2026-02-17 16:30:59.730 sysadminctl[1488:28502] AOSKit INFO: Disabling BTMM for user, no zone found for uid=502, usersToZones: (null)
2026-02-17 16:30:59.784 sysadminctl[1488:28502] ### Error:-14120 File:/AppleInternal/Library/BuildRoots/4~B5FeugCYEZd96X3zqIDDgARflf-BD_RFQt1Gd-I/Library/Caches/com.apple.xbs/Sources/Admin/DSRecord.m Line:563

This deletes the user's home folder, but the account isn't fully removed. This can be confirmed in the Users & Groups pane of System Settings. Granting full disk access to fleetd before running these commands will result in a fully removed account though.