Tag Archives: OS X Server

Creating a Hidden Admin User

This is a quick tutorial on some of the basics of creating a hidden user. This tutorial is the information that I used to create my Administrative Install Package that I put on all machines that I service. At a workplace, people get very possessive of their machines (even though it's not really “theirs”). Many of my users didn’t like seeing another username in the login screen. But I can’t service a hundred computers when I have no access into them. This way, I have full access and none of the users know. This is specific to Leopard, and I believe this also works with Snow Leopard. However, Tiger uses the netinfo command line instead, which is similar in its interactions, but not entirely the same.



When OS X Server starts up, it starts the serialnumberd process. The job of this daemon is to check the network to make sure that you are not using the serial number on more than one machine. It does this over multicast, so that all the OS X servers on the network can talk to each other. When this daemon starts up, it creates a rule in the built-in firewall (ipfw). The rule allows all IP traffic to port 626, which is the port that the serial number daemon uses for its communication. The rule is given number 00001, the highest priority in ipfw, because ipfw checks rules in ascending numeric order and the first match decides, so any other rules that you have in effect can't affect it. If you remove the allow rule and replace it with a deny rule, serialnumberd doesn’t like it: you will not be able to access the features in Server Admin, because it will tell you that you have a serial number conflict. If you have a site license, however, serialnumberd doesn’t care how many times a serial number is used, so it doesn’t need to add the firewall rule.
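To see the effect of that rule numbering on a ruleset, the following added example (not from the original post) finds which rule decides traffic to a given port and which later rules for that port are never reached. The function names and the sample ruleset are constructed for illustration, and the matcher is a simplification that compares only the `dst-port` field.

```shell
#!/bin/sh
# Constructed sample in `ipfw list` format (not captured from a real host).
# Rule 00001 follows the post's description of the serialnumberd rule.
sample_rules() {
cat <<'EOF'
00001 allow ip from any to any dst-port 626
01000 allow tcp from any to any dst-port 22
02000 deny ip from any to any dst-port 626
65535 allow ip from any to any
EOF
}

# Print "<rule-number> <action>" for the first rule naming dst-port $1.
# ipfw evaluates rules in ascending numeric order and stops at the first
# match, so this is the rule that decides the packet's fate.
# Simplification: addresses and protocol are ignored.
deciding_rule() {
  sort -n | awk -v port="$1" '
    { for (i = 3; i < NF; i++)
        if ($i == "dst-port" && $(i+1) == port) { print $1, $2; exit } }'
}

# Print the numbers of later rules for the same port; they are shadowed
# by the deciding rule and never evaluated for that traffic.
shadowed_rules() {
  sort -n | awk -v port="$1" '
    { for (i = 3; i < NF; i++)
        if ($i == "dst-port" && $(i+1) == port) {
          if (seen) print $1
          seen = 1
        } }'
}

echo "deciding rule for port 626: $(sample_rules | deciding_rule 626)"
echo "shadowed rules for port 626: $(sample_rules | shadowed_rules 626)"
```

On a real host, the same functions can read live output, for example `sudo ipfw list | deciding_rule 626`.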