How to hide user accounts from the log-in window in OS X
If you would like to keep a specific user account more private, you can do so by removing it from the log-in window in OS X.
When you create a user account in OS X, it will by default show as as a clickable icon in the log-in screen; however, there are ways you can hide a user account, if desired. For example, if you would like to keep all accounts on your system as managed and restricted accounts, then you can keep your administrative account from showing up in the log-in window.
There are several ways to do this:
- Require name and password at log-on
The first and foremost is to forgo using a graphical approach to account identification at the log-in window. This means that people will have to type their usernames and passwords to authenticate instead of clicking their account icons and then authenticating. While this will serve to keep user accounts hidden, it does add a small inconvenience for users. To do this, simply check the "Name and password" option in the "Login Options" section of the Users & Groups system preferences.
- Set the UID to 1000
The next option is to set the user's ID to 1000. In OS X, an account with UID 1000 will not show at the log-in window, so you can select one to use and set its ID so it will not display. To do this, go to the Users & Groups system preferences, authenticate, and then right-click an account to select the advanced options. In here, you should see a set of fields with some details about the account, such as its home folder, name aliases, and its UID. Simply change the UID value for the account to 1000, apply the changes, and the account should no longer show up at the log-in screen.
- Specifically hide users
The OS X log-in window supports an option to hide specific accounts; however, this is not configurable from the OS X system preferences. Instead, you will need to use the following Terminal command to target specific usernames to hide (note this command may span multiple lines here, but should be a single line entered in the Terminal, with a single space between "HiddenUsersList," "-array-add," and the specified user names):
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add user1 user2
To do this, open the Terminal and copy and paste the above command, changing the "user1" and "user2" components to the short usernames of the accounts you want to hide (you can specify one or more accounts, separated by spaces). When you execute the command, you will be prompted for your password, which will not show when typed. Note that the "sudo" command will only run from administrative accounts.
Once usernames have been added, you can add more by repeating the above command. You can remove the list of usernames with the following command:
sudo defaults delete /Library/Preferences/com.apple.loginwindow HiddenUsersList
This will revert this specific log-in window setting to its default by removing the list instead of simply clearing the usernames in it.
While hiding the user account from the log-in window is one step to hiding an account, keep in mind that its home folder will still be in the /Users directory by default. You can(such as the hidden "/var" folder on the system, or even a custom hidden folder) to keep it sequestered. Additionally, you can simply hide the home folder for the account by targeting it with the following command (replace "USERNAME" with the name of the home folder to be hidden):
sudo chflags hidden /Users/USERNAME
To undo this command, repeat it but change the flag "hidden" to "nohidden," and the folder should reappear immedately.