Skip to content

macOS local admin account: Force standard account #41781

Open
Open
macOS local admin account: Force standard account#41781
Assignees
melpike
Labels
#g-mdmMDM product group:productProduct Design department (shows up on 🦢 Drafting board)storyA user story defining an entire feature~macos-workstationProduct maturity category~product-maturityContributes to Fleet's product maturity goals for the current year
Milestone
4.87.0
@melpike

Description

@melpike
melpike
opened on Mar 16, 2026

Goal

User story
As an IT admin,
I want the option for the macOS local admin account to be created first
so that it can force the second account (end user) to be a standard account.

Changes

Product

  • UI changes: TODO
  • CLI (fleetctl) usage changes: TODO
  • YAML changes: TODO
  • REST API changes: TODO
  • Fleet's agent (fleetd) changes: TODO
  • Fleet server configuration changes: TODO
  • Exposed, public API endpoint changes: TODO
  • fleetdm.com changes: TODO
  • GitOps mode UI changes: TODO
  • GitOps generation changes: TODO
  • Activity changes: TODO
  • Permissions changes: TODO
  • Changes to paid features or tiers: TODO
  • My device and fleetdm.com/better changes: TODO
  • Usage statistics: TODO
  • Other reference documentation changes: TODO
  • First draft of test plan added
  • Once shipped, requester has been notified
  • Once shipped, dogfooding issue has been filed

Engineering

  • Test plan is finalized
  • Contributor API changes: TODO
  • Feature guide changes: TODO
  • Database schema migrations: TODO
  • Load testing: TODO
  • Pre-QA load test: TODO
  • Load testing/osquery-perf improvements: TODO
  • This is a premium only feature: Yes / No

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

Risk assessment

  • Requires testing in a hosted environment: TODO
  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Test plan

Make sure to go through the list and consider all events that might be related to this story, so we catch edge cases earlier.

Core flow

  • TODO
  • TODO
  • TODO

UI

  • Verify that all UI changes specified in the Figma wireframes are correctly implemented
  • Verify expected UI states (loading, empty, error states if applicable)

API

  • Test all API endpoints added or modified in the API changes section of this issue
  • Verify error handling for invalid inputs where applicable

GitOps (generate + run)

  • Configure the feature through the UI and run fleetctl generate-gitops
  • Confirm the generated .yml includes the expected fields (compare with YAML changes in the Product section)
  • Modify the generated .yml and run fleetctl gitops
  • Confirm the configuration updates correctly in Fleet
  • Enable GitOps mode and verify the feature behaves correctly

Permissions

  • Verify role restrictions are applied correctly for global roles
  • Verify role restrictions are applied correctly for fleet-level roles

Edge cases

  • TODO
  • TODO
  • TODO

Supplemental testing

Testing notes

Confirmation

  1. Engineer: Added comment to user story confirming successful completion of test plan (include any special setup, test data, or configuration used during development/testing if applicable).
  2. QA: Added comment to user story confirming successful completion of test plan.

Metadata

Metadata

Assignees

Labels

#g-mdmMDM product group:productProduct Design department (shows up on 🦢 Drafting board)storyA user story defining an entire feature~macos-workstationProduct maturity category~product-maturityContributes to Fleet's product maturity goals for the current year

Type

No type

Projects

🦢 Drafting

Status

🥚 Ready
🗺️ Release planning

Status

No status

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions