
Releases: freegeek-pdx/mkuser

Version 2023.9.12-1

13 Sep 00:13
  • Added second confirmation prompt for --secure-token-admin-password-prompt when creating a package (using the --package option). Confirmation is not needed when creating a user on the current system (not creating a package) since the password is verified against the existing admin user account.
  • Other minor improvements and typos corrected throughout.

Version 2023.3.15-1

15 Mar 23:10
  • Added a new GUI parameter to both the --password-prompt and --secure-token-admin-password-prompt options so that passwords can be entered in an AppleScript dialog instead of only at a command line prompt in the Terminal. Passing CLI or no parameter gives a command line prompt as in previous versions. Also improved the command line prompts with better username display, better error handling, and reattempts without the script exiting.
  • Added new command line installation technique by running curl mkuser.sh | sh which downloads and runs the new download-and-install-mkuser.sh script. This new technique is fully explained in the new INSTALLATION section of the README.
  • Added new technique to download and run mkuser from a temporary location without fully installing it by running sh <(curl run.mkuser.sh) [MKUSER OPTIONS AND PARAMETERS] which downloads and runs the new download-and-run-mkuser.sh script. This new technique is fully explained in the new INSTALLATION section of the README.
  • Added undocumented --only-check-locally-for-conflicting-names option for special and rare cases described in #7.
  • Improved behavior to not prompt for confirmation when run from a non-interactive script (--do-not-confirm no longer needs to be specified). Now, confirmation will only be prompted when run in an interactive Terminal.
  • Improved short option parsing when a parameter is required and the short option and parameter are combined with no delimiter.
  • Improved --help output to use less to display a scrolling view that starts at the top instead of outputting the full help in the Terminal all at once which left you at the bottom.
  • Improved package installation to preserve the mkuser script's code signature when installed on macOS 10.15 Catalina and older.
  • Lots of other bug fixes, improvements, and typos corrected throughout.

Version 2022.9.30-1

30 Sep 22:55
  • Improved security when deobfuscating passwords within a user creation package while it is being installed, by using native Objective-C methods instead of external binary commands for more steps of the deobfuscation process (reducing the attack surface for MITM/spoofing-style attacks, such as a substituted binary), and by validating the Code Signing Requirements of more of the external binary commands used throughout the entire user creation process.
  • Fixed a sporadic and inconsistent bug when deobfuscating passwords within a user creation package while it is being installed, which was previously worked around with multiple re-attempts. The root cause has now been found and fixed so the issue is avoided altogether rather than only retried when it happened. Password deobfuscation should now be more reliable, and faster in some cases.
  • Other bug fixes, improvements, and typos corrected throughout.

Previous Release Notes from Version 2022.4.21-1

  • Improved setting the user password by using native Objective-C methods of the OpenDirectory framework. This technique is secure and never reveals the password in the process list or writes it to the filesystem. Previously, the password was set by dsimport along with all the other user attributes, but that required that the plaintext password momentarily exist in a temporary file, since dsimport can only load a new user record from a file. Now, no password is specified during initial user creation with dsimport, and the password is securely set after creation with the new method.
  • Improved validating the user password by checking it against the current system's global password content policy before creation, using native Objective-C methods of the OpenDirectory framework. This technique is secure and never reveals the password in the process list or writes it to the filesystem. Previously, the password was only checked against the default requirements of being 4 characters or more, or blank/empty if FileVault is not enabled. Now, the password will also be checked against any custom password content policies that may be set.
  • Other minor improvements and typos corrected throughout.

Version 2022.9.2-1

03 Sep 00:49
  • Improved security when deobfuscating passwords within a user creation package while it is being installed, by validating the Code Signing Requirements of all external binary commands used during the password deobfuscation process with native C functions of the Security framework.
  • Improved the --automatic-login option on future versions of macOS so that if the new built-in technique fails for some reason the previous manual technique is used instead, so that auto-login can still be set up properly in all possible scenarios.
  • Removed the previously deprecated --fd3-secure-token-admin-password option. The more secure --fd-secure-token-admin-password option should be used instead (which was added at the same time the other option was deprecated 6 months ago).
  • Other minor improvements.
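
The 2022.9.2-1 and 2022.9.30-1 notes above describe gating every external binary used during package installation on a Code Signing Requirement. The following is an added example of that pattern, not code from mkuser: a POSIX sh function that refuses to run a tool unless it is an absolute path that satisfies a requirement, here "anchor apple" (Apple-signed code) by default. mkuser itself, per the notes, does this with native Security framework C functions (Apple's SecRequirementCreateWithString, SecStaticCodeCreateWithPath and SecStaticCodeCheckValidity; those names are from the framework, not from the notes). This version uses the codesign command instead, which is simpler but reintroduces the weakness the 2022.9.30-1 note calls out: the checker is itself an external binary. The function names, exit codes and the choice of requirement string are my assumptions.

```shell
#!/bin/sh
# Added example, not mkuser project code: refuse to run an external macOS
# command unless its binary satisfies a Code Signing Requirement.
#
# Assumptions (mine, not mkuser's):
#   - "anchor apple" is the requirement wanted for system tools like dsimport
#   - /usr/bin/codesign is acceptable as the checker (mkuser uses the Security
#     framework C API instead so that the checker is not a swappable binary)
#
# Exit codes: 0 requirement satisfied, 1 signature invalid or requirement not
# met, 2 bad arguments, 3 codesign unavailable (not macOS). Keeping 1 and 3
# distinct lets a caller tell "unsafe" apart from "could not be checked".
verify_code_requirement() {
    target=$1
    requirement=${2:-anchor apple}

    # Absolute paths only: a bare command name would be resolved through PATH,
    # which is exactly what an attacker controlling the environment wants.
    case $target in
        /*) ;;
        *) printf 'error: %s is not an absolute path\n' "$target" >&2; return 2 ;;
    esac
    [ -f "$target" ] || { printf 'error: %s does not exist\n' "$target" >&2; return 2; }

    # Fail closed when the checker is missing rather than silently skipping.
    [ -x /usr/bin/codesign ] || return 3

    # A leading "=" tells codesign the argument is requirement text, not a
    # file. --verify exits non-zero if the signature is invalid or the
    # requirement is not met.
    /usr/bin/codesign --verify --requirement="=$requirement" "$target" >/dev/null 2>&1 || return 1
}

# Run a command only after its binary passes the requirement check; any
# non-zero status from the check (including "cannot check") aborts the run.
run_verified() {
    verify_code_requirement "$1" || return $?
    "$@"
}

# Usage on macOS, e.g. before importing a user record:
#   run_verified /usr/bin/dsimport /path/to/record /Local/Default M
```

On a system without codesign the check returns 3 and run_verified does not execute the tool; that is deliberate, since "unverifiable" should be treated the same as "untrusted" when the tool will handle a plaintext password.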

Version 2022.8.3-1

03 Aug 23:06
  • Improved the --package option when running on macOS 10.15 Catalina and older so that Universal user creation packages are created that can be installed on Apple Silicon Macs without requiring Rosetta.
  • Improved the --automatic-login option on future versions of macOS so that new built-in techniques are used to set up auto-login instead of mkuser having to do all the setup manually (specifically the kcpassword obfuscation/encoding).
  • Fixed a bug when the --automatic-login option was specified where setting up auto-login would fail for some specific passwords because they would not get obfuscated/encoded correctly into the kcpassword file. See brunerd/macAdminTools#2 for more information.
  • Fixed an issue on future versions of macOS where a random default user picture would not get chosen properly (when the --picture option was omitted) which would result in the user being created with no picture (as if the --no-picture option was specified).
  • Other minor improvements and typos corrected throughout.

Previous Release Notes from Version 2022.3.2-1

  • Added new --fd-secure-token-admin-password option whose parameter is a file descriptor path (via process substitution) containing the password (like <(echo '<PASS>')) and deprecated --fd3-secure-token-admin-password (which will be removed in a future version) since an "fd3" here-string (3<<<) is not as secure since it momentarily creates a temporary file.
  • Improved deobfuscating and handling passwords in packages to be more secure by never using here-strings which momentarily create temporary files.
  • Other minor bug fixes, improvements, and typos corrected throughout.

Version 2022.7.8-1

09 Jul 00:42
  • Added new functionality on MDM enrolled systems running macOS 11 Big Sur and newer to automatically and securely create and escrow the Bootstrap Token when mkuser is used to create the first administrator (when internet is available and the MDM supports the Bootstrap Token).
  • Added new BOOTSTRAP TOKEN NOTES section to the help information for --prevent-secure-token-on-big-sur-and-newer to explain Bootstrap Token behavior in relation to Secure Tokens and the new mkuser functionality described above (thanks to Mark Buffington for helping to clarify Bootstrap Token details).
  • Improved the --stdin-password option by adding a warning when a here-string (<<<) is used instead of the more secure echo and pipe (|) which does not create a temporary file in the filesystem.
  • Improved the --fd-secure-token-admin-password option by adding an extra check to be certain process substitution is being used which does not create a temporary file in the filesystem.
  • Improved the --login-shell and --picture options by converting specified relative paths to absolute paths.
  • Other minor improvements and typos corrected throughout.
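
The 2022.7.8-1 notes above (the here-string warning for --stdin-password and the process-substitution check for --fd-secure-token-admin-password) and the 2022.3.2-1 notes that introduced the file-descriptor option both come down to one rule: a secret should reach the script through a pipe, never through argv or a file. The following is an added example of how a script can enforce that, not mkuser's own code: it accepts a /dev/fd/N path, requires that the descriptor be a pipe, and reads the secret from it. The function name, the /dev/fd/ pattern match, the pipe test and the sample password "hunter2" (constructed) are my assumptions, not taken from the mkuser source. The function is POSIX sh; the process-substitution caller shown in the comments needs bash.

```shell
#!/bin/sh
# Added example, not mkuser project code: take a secret through a
# file-descriptor path and reject anything that is not a pipe, so the secret
# never appears on the process list and never lands in a temporary file.
#
# Assumptions (mine, not mkuser's):
#   - the caller passes a path such as /dev/fd/63 from bash process
#     substitution, e.g.  read_secret_from_fd <(printf '%s' "$PASS")
#   - a regular file (a here-string's temp file, a file the caller wrote)
#     must be refused
read_secret_from_fd() {
    fd_path=$1

    # Only /dev/fd/N paths are accepted; anything else is not an inherited
    # descriptor and would mean the secret exists somewhere on disk.
    case $fd_path in
        /dev/fd/[0-9]*) ;;
        *)
            printf 'error: %s is not a /dev/fd/ path\n' "$fd_path" >&2
            return 1
            ;;
    esac

    # The descriptor must be a pipe. A bash here-string (3<<<"$PASS") or a
    # redirection from a file shows up here as a regular file and is refused.
    if ! [ -p "$fd_path" ]; then
        printf 'error: %s is not a pipe (was a here-string or a file used?)\n' "$fd_path" >&2
        return 1
    fi

    # Read one line without interpreting backslashes. The writer side uses
    # printf '%s' with no trailing newline, so read returns non-zero at EOF
    # even though it has filled the variable; that status is ignored.
    secret=''
    IFS= read -r secret < "$fd_path" || :
    printf '%s\n' "$secret"
}

# Usage from bash (process substitution: a pipe, no temp file, nothing on argv):
#   pw=$(read_secret_from_fd <(printf '%s' 'hunter2'))
# Usage from POSIX sh, where the writer is piped into this process's stdin:
#   pw=$(printf '%s' 'hunter2' | read_secret_from_fd /dev/fd/0)
```

The pipe test is the part that matters: bash 3.2, which macOS ships, always backs a here-string with a temporary file in $TMPDIR, so "3<<<" briefly puts the plaintext on disk even though it looks like a descriptor-only construct. Using printf rather than echo on the writer side avoids echo's interpretation of backslashes and of a leading "-n".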

Version 2022.6.21-1

21 Jun 22:33
  • Improved the --login-shell and --picture options by following symbolic links for the specified paths.
  • Fixed an issue where a default user picture may not get set properly (when chosen randomly or when specified by name or path with the --picture option) on future versions of macOS resulting in the user having no picture.
  • Other minor bug fixes and improvements throughout.

Version 2022.6.1-1

01 Jun 19:47
  • Improved the --skip-setup-assistant option (when specified with no parameter or both or firstBootOnly) to exit first boot Setup Assistant when mkuser is run after the system has already started and is still running Setup Assistant (or Language Chooser) on first boot. This could happen when mkuser is being run by a LaunchDaemon on first boot, or during MDM Automated Device Enrollment. Previously, the user would be created but Setup Assistant would not be skipped after user creation finished unless the computer was manually restarted (or Setup Assistant could be completed which would require manually creating another user). Now, Setup Assistant (or Language Chooser) will be exited if still running when mkuser finishes creating the user and the login window will be loaded with the newly created user available to log into. Issue #3 is closed with this improvement.
  • Fixed a sporadic and inconsistent bug that could cause password deobfuscation to occasionally fail when installing a user creation package.
  • Other minor improvements and typos corrected throughout.

Version 2022.5.24-1

25 May 00:04
  • Improved the --home-folder option validation by only allowing home folders directly within "/Users/" or "/private/var/" (or "/var/") as well as the special "/dev/null" path or on an external drive (but that is not recommended).
  • Improved sharing the Public folder in some rare cases of possible conflicts including when an existing SharePoint for the same Public folder already exists from a previously deleted user. Previously, the Public folder would not be shared. Now, the old orphaned SharePoint will be deleted and a new SharePoint will be created with up-to-date information for the Public folder of the newly created user.
  • Other minor improvements and typos corrected throughout.

Version 2022.5.4-1

05 May 00:44
  • Improved validating user input for a few options to catch some edge cases that could result in unwanted control characters being allowed, or some rare combinations of characters not being recognized as literal strings resulting in no value being set.
  • Improved the --secure-token-admin-password option validation to allow passwords shorter than 4 characters which could be allowed by some custom password policy. The password will still be validated to be correct for the specified --secure-token-admin-account-name option.
  • Other bug fixes, improvements, and typos corrected throughout.
