#!/bin/bash
#This script will demote the logged in user from an admin to a standard account
#Test this script thoroughly on demo computers to verify tasks before proceeding via Policy
loggedInUser=`stat -f%Su /dev/console`
accountType=`dscl . -read /Users/"$loggedInUser" 2> /dev/null | grep UniqueID | cut -c 11-`
if [[ "$accountType" -gt "500" ]]; then
echo "demoting account to standard: $loggedInUser"
echo "UniqueID:$accountType"
sudo /usr/sbin/dseditgroup -o edit -d "$loggedInUser" -t user admin
else
echo "Must be local admin account: $loggedInUser"
fi
exit 0