Local Administrative Account on macOS Devices - End User Guide

This document describes the means by which approved local administrative accounts are created on managed macOS devices.

Your macOS device must:

You must:

You must not:

Creating your account

Should your application for administrative privileges be approved, IT will set your device to enable creation of your administrative account via a function in the Jamf Self Service app.

Once you have received a technician's confirmation of this, do the following to create your account:

  • Launch the Jamf Self Service app.
  • Navigate to the Functions section.
  • Locate the "Create local admin account" item.
  • Click the Create button.
  • Read the conditions of use, plus those laid out in KB0017214 and on your approved application.
  • Only if you agree to all conditions, click the Create button again.
Jamf Self Service
  • You may be prompted to approve control of System Events by Jamf. Click OK to allow this.
System Events
  • Before creating your password, ensure that you have one in mind which fully complies with complexity rules.
  • If the password does not meet the requirement, your account will be created, but the password will not work. You will require direct IT assistance to perform a password reset before your new account can be used.
Create password
  • Take care to ensure the verification matches the first password entry.
  • If the passwords do not match, your account may not be created and you will require IT assistance either to make the Self Service function available again, or to reset the password if the account was created.
Verify password
  • Click OK to proceed.
Check for account
  • Check in System Settings (System Preferences in older macOS versions) / Users & Groups. You should see a new account with the expected name, showing "Admin" rather than "Standard".
  • If System Settings was already running, you may need to relaunch it in order for your account to show.
Users & Groups
  • Launch the Terminal app and run su followed by your new account name e.g.

su uol123-admin

  • If your password has been set successfully, and you have entered it correctly when prompted by the su command, Terminal will not re-prompt for the password and will switch you to your new account within that window.
  • Close Terminal following a successful test of your new credentials.