You can use a policy to perform the following local account management tasks:
Create a new account.
Delete an existing account.
Reset the password for an existing account.
Disable an existing account for FileVault.
When you create a new account, you can also do the following:
Specify the password and password hint.
Specify a location for the home directory.
Configure the account picture.
Give the user administrator privileges to the computer.
Enable the account for FileVault.
When you delete an existing account, you can permanently delete the home directory or specify an archive location.
Creating Hidden SSH Accounts Using the jamf binary
You can use the jamf binary on managed computers to create a hidden user account that does not appear on the login window, macOS account settings, or fast user switching. You can then log into this account remotely via SSH, providing a convenient avenue for performing management tasks or troubleshooting.
To create a hidden user account, open Terminal on the target computer and execute the following command, modifying it for your environment:
/usr/local/bin/jamf createAccount -username <netadmin> -realname <"Network Administrator"> -password p@55w0rd -home </var/netadmin> -hiddenUser -admin -secureSSH