Hi,
It there a way to not allow users to sync their device with their personal iCloud? Ie not allowing icloud drive.
Thanks
Jared
Page 1 / 2
@j_allenbrand Uncheck this box in the restrictions payload (functionality tab) for a config profile.
More importantly for me...is there a way to detect if someone is already using iCloud Drive?
Use this EA
#!/bin/bash
# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"
#Variable to determine major OS version
OSver="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSver" -ge "12" ]; then
#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"
#Determine logged in user
loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
#Variable to determine status of iCloud Drive Desktop & Documents setting
iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
#Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
if [[ "$iCloudStatus" = "true" ]]; then
DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
if [[ "$DriveStatus" = "true" ]]; then
if [[ "$iCloudDesktop" = "1" ]]; then
DocSyncStatus="Enabled"
else
DocSyncStatus="Not Enabled"
fi
fi
if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
fi
fi
if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"@ddcdennisb Thanks. This will work for most of my systems but it appears to only pull from the logged in user. Ideally it would be nice to pull from all users on the computer and report that as we have some multiuser systems.
@ddcdennisb where do you get the results from?
@j_allenbrand , that script is an Extension Attribute. So it would be listed under which ever category you put it in.
@DBrowning, Do you know if this script will be updated to be compatible with Big Sur? Currently, when this script runs, it returns "OS Not Supported" next to the extension attribute. Or is there something that needs to be modified in the code for this change?
@Rye easy change to the script to include Big Sur. Below is the updated EA that I use.
#!/bin/bash
# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then
#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"
#Determine logged in user
loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
#Variable to determine status of iCloud Drive Desktop & Documents setting
iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
#Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
if [[ "$iCloudStatus" = "true" ]]; then
DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
if [[ "$DriveStatus" = "true" ]]; then
if [[ "$iCloudDesktop" = "1" ]]; then
DocSyncStatus="Enabled"
else
DocSyncStatus="Not Enabled"
fi
fi
if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
fi
fi
if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"@DBrowning Thanks!
@Rye easy change to the script to include Big Sur. Below is the updated EA that I use.
#!/bin/bash
# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then
#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"
#Determine logged in user
loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
#Variable to determine status of iCloud Drive Desktop & Documents setting
iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
#Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
if [[ "$iCloudStatus" = "true" ]]; then
DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
if [[ "$DriveStatus" = "true" ]]; then
if [[ "$iCloudDesktop" = "1" ]]; then
DocSyncStatus="Enabled"
else
DocSyncStatus="Not Enabled"
fi
fi
if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
fi
fi
if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"Works like a charm as always.
@Rye easy change to the script to include Big Sur. Below is the updated EA that I use.
#!/bin/bash
# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then
#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"
#Determine logged in user
loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
#Variable to determine status of iCloud Drive Desktop & Documents setting
iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
#Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
if [[ "$iCloudStatus" = "true" ]]; then
DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
if [[ "$DriveStatus" = "true" ]]; then
if [[ "$iCloudDesktop" = "1" ]]; then
DocSyncStatus="Enabled"
else
DocSyncStatus="Not Enabled"
fi
fi
if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
fi
fi
if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"I tested with this script as an extension attribute and it does indeed work for 12.5.1.
Hello,
I added a line to help with macOS Ventura 13 which is now:
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
= 13
but the results are not accurate as I have iCloud and iCloud sync active. Maybe you can help me sort this out.
result is:
We do not have Big Sur in our environment so the 2 work perfectly for Monterey:
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
if f "$OSverMinor" -ge "12" ] || | "$OSverMajor" -eq "11" ]; then
Thank you for your help!
Hi did you put this script under extension attributes or somewhere else?
Hi did you put this script under extension attributes or somewhere else?
It is under extension attributes
hmm I can't seem to get it to show up
hmm I can't seem to get it to show up
I used the second script posted and set it under Extension Attributes...
hmm I can't seem to get it to show up
I assume you ran a recon on at least one laptop... to pick up the extension attribute?
@Rye easy change to the script to include Big Sur. Below is the updated EA that I use.
#!/bin/bash
# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then
#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"
#Determine logged in user
loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
#Variable to determine status of iCloud Drive Desktop & Documents setting
iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
#Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
if [[ "$iCloudStatus" = "true" ]]; then
DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
if [[ "$DriveStatus" = "true" ]]; then
if [[ "$iCloudDesktop" = "1" ]]; then
DocSyncStatus="Enabled"
else
DocSyncStatus="Not Enabled"
fi
fi
if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
fi
fi
if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"Hi,
I used the above and i am getting
Detect iCloud Sync Settings: OS Not Supported
This is on 12.6.3 and 13.2.1
Both of these machines are M1 and M2. Am i missing something?
Hi,
I used the above and i am getting
Detect iCloud Sync Settings: OS Not Supported
This is on 12.6.3 and 13.2.1
Both of these machines are M1 and M2. Am i missing something?
@jmanprasert try changing the if statement to
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -ge "11" ]; then
I tested with this script as an extension attribute and it does indeed work for 12.5.1.
Hello,
I added a line to help with macOS Ventura 13 which is now:
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
= 13
but the results are not accurate as I have iCloud and iCloud sync active. Maybe you can help me sort this out.
result is:
We do not have Big Sur in our environment so the 2 work perfectly for Monterey:
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
if f "$OSverMinor" -ge "12" ] || | "$OSverMajor" -eq "11" ]; then
Thank you for your help!
Sorry replied to the wrong line :D
@jmanprasert try changing the if statement to
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -ge "11" ]; thenI replied to the wrong line. Sorry about that:
Your script above has that line in it, 11th line.
This is the 7-11 line. Even tried taking out the -f 1)" line and didnt make a difference
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then
@jmanprasert try changing the if statement to
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -ge "11" ]; thenThis changes the check on Major version from equal to 11 and changes it to greater than or equal to 11.
I replied to the wrong line. Sorry about that:
Your script above has that line in it, 11th line.
This is the 7-11 line. Even tried taking out the -f 1)" line and didnt make a difference
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then
here is the most updated version that I use today that works fine.
#!/bin/bash
# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -ge "11" ]; then
#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"
#Determine logged in user
loggedInUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name 
&& ! /loginwindow/ { print $3 }' )
#Variable to determine status of iCloud Drive Desktop & Documents setting
iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
#Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
if [[ "$iCloudStatus" = "true" ]]; then
DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
if [[ "$DriveStatus" = "true" ]]; then
if [[ "$iCloudDesktop" = "1" ]]; then
DocSyncStatus="Enabled"
else
DocSyncStatus="Not Enabled"
fi
fi
if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
fi
fi
if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"
here is the most updated version that I use today that works fine.
#!/bin/bash
# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"
#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -ge "11" ]; then
#Path to PlistBuddy
plistBud="/usr/libexec/PlistBuddy"
#Determine logged in user
loggedInUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name && ! /loginwindow/ { print $3 }' )
#Variable to determine status of iCloud Drive Desktop & Documents setting
iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
#Determine whether user is logged into iCloud
if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
#Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
if [[ "$iCloudStatus" = "true" ]]; then
DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
if [[ "$DriveStatus" = "true" ]]; then
if [[ "$iCloudDesktop" = "1" ]]; then
DocSyncStatus="Enabled"
else
DocSyncStatus="Not Enabled"
fi
fi
if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
fi
fi
if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="iCloud Account Disabled"
fi
else
DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"This one works. thank you so much!!
This changes the check on Major version from equal to 11 and changes it to greater than or equal to 11.
Question regarding the results from this. We noticed that on a computer with iCloud logged in it shows "iCloud Account Disabled" but it's not and is active with the Drive enabled but not syncing. Could this be a bug or fluke on this endpoint macOS Ventura 13.2.1 M1 Pro.
Question regarding the results from this. We noticed that on a computer with iCloud logged in it shows "iCloud Account Disabled" but it's not and is active with the Drive enabled but not syncing. Could this be a bug or fluke on this endpoint macOS Ventura 13.2.1 M1 Pro.
Guess I'll need to go back and validate. Looks like Apple has changed some of the keys in the plist. I'll take a look at it tomorrow and report back.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.