Skip to main content

Hi everyone,

Has anyone worked out how to disable the "Sign in with your Apple ID" prompt at login?

I currently have the following keys set for the default template for new users:

OSVERS=$(sw_vers -productVersion)
OSBUILD=$(sw_vers -buildVersion)

com.apple.SetupAssistant "DidSeeCloudSetup" -bool true
com.apple.SetupAssistant "LastSeenCloudProductVersion" -string ${OSVERS}
com.apple.SetupAssistant "GestureMovieSeen" -string none
com.apple.SetupAssistant "LastPreLoginTasksPerformedVersion" -string ${OSVERS} com.apple.SetupAssistant "LastPreLoginTasksPerformedBuild" -string ${OSBUILD}

I use a function in my shell to write these keys which is why you don't see the full defaults write and path to file in the above keys that i use.

Are they any other keys that mavericks needs to suppress the Apple ID prompt on first login?

Cheers,

Frank

One hopes that people you entrust to log in as root via the GUI could understand to just skip any request to provide an Apple ID.

one person other than myself has the password. and we take care of the root account iCloud wizard before delivery. which is why i'd prefer to automate.

I am upgrading computer lab to 10.10.3
We use NFSv3 home folders.

When user's home folder is empty I always get iCloud Setup window (this was not an issue with 10.9.5).
I deployed configuration profile with com.apple.SetupAssistant settings but this aproach does not seem to work.

I have two working solutions:
1) Prepopulate user's folders with ~/Library/Preferences/com.apple.SetupAssistant.plist file (maybe whole template when we are at it) <- which requires to get IT department work on it.
2) Modify /System/Library/CoreServices/Setup Assistant.app = rename /System/Library/CoreServices/Setup Assistant.app/Contents/SharedSupport/MiniLauncher <- which will probably not work well with 10.11 SIP

Am I missing some better solution?
Would login hook execute before iCloud setup is shown?

@michalm.mac Refer to this post: https://derflounder.wordpress.com/2014/10/16/disabling-the-icloud-and-diagnostics-pop-up-windows-in-yosemite/

Whether that solution will work in 10.11 is to be determined. Haven't tested 10.11 yet myself. Just been reading about it so far. But since you're on 10.10.3 this solution should work nicely.

@bpavlov Actually I am using modifed verion of @rtrouton script for local users with home folder in /var/.home

However with network account and empty nfs user home folder files are not copied from template automatically.

I filled feature request radar on that -> https://openradar.appspot.com/21355558

Wow really? That's really interesting. Where are the user folder defaults populated from then?

@bpavlov well they are not populated from anywhere. I don't have access to home folders.
Should I try to convince IT to copy OS X user template to every single home folder?

I was able to solve this by LoginHook script.

#!/bin/sh
USER=$1
su - $USER -c "/Library/Scripts/hooks/hook_defaults.sh"

It executes second script with privileges of user who is logging in. Second script copies prepared com.apple.SetupAssistant.plist into ~/Library/Preferences if it doen not exists.

Has anyone got this working on El Capitan 10.11+ ? My renaming of the minilauncher doesn't seem to be working any longer.

I'd love to know if anyone has this working on 10.11 as well. So far I have been unsuccessful in all my tests.

Below is our script that both works on 10.11 and as the root user. Note that "$home_loc" and "$user_shortname" are variables that we set with our in house written "coreDaemon", so for those you are on your own. This script runs as root instead of the user due to issues with setting certain Apple preferences at login as the user (may not be an issue anymore but haven't tested)

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin export PATH
home_loc=$(cat /private/tmp/home_loc)
user_shortname=$(cat /private/tmp/user_shortname)
if [[ "$home_loc" == "" ]]; then
    exit 1
elif [[ "$user_shortname" == "" ]]; then
    exit 1
fi
#####################################################################################################################################

OSVersion=$(sw_vers -productVersion)
OSBuild=$(sw_vers -buildVersion)
BuildVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForBuild)
SystemVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForSystem)

# Disable setup assistant
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeCloudSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup2 -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" RunNonInteractive -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" GestureMovieSeen ""
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedBuild "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenBuddyBuildVersion "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenCloudProductVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsString "$OSBuild"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsString "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsNumber -int "$BuildVersionStampAsNumber"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsNumber -int "$SystemVersionStampAsNumber"

chown "$user_shortname" "$home_loc/Library/Preferences/com.apple.SetupAssistant.plist"
chown "$user_shortname" "$home_loc/Library/Preferences/loginwindow.plist"

This is how I got around the problem on machines that are frozen (using Deep Freeze) - so every user, every time is a new user.

I created/modified a plist with the following values (on another machine):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>DidSeeCloudSetup</key> <true/> <key>DidSeeSyncSetup</key> <true/> <key>DidSeeSyncSetup2</key> <true/> <key>DidSeeiCloudSecuritySetup</key> <true/> <key>LastCacheCleanupStillRunning</key> <false/> <key>LastPreLoginTasksPerformedBuild</key> <string>15F34</string> <key>LastPreLoginTasksPerformedVersion</key> <string>10.11.5</string> <key>LastSeenBuddyBuildVersion</key> <string>15F34</string> <key>LastSeenCloudProductVersion</key> <string>10.11.5</string> <key>RunNonInteractive</key> <false/> <key>ShowKeychainSyncBuddyAtLogin</key> <false/> <key>SkipFirstLoginOptimization</key> <false/>
</dict>
</plist>

Thawed the machine.

Then logged into the machine as the administrator (already on the machine), changed the permissions to the /System/Library/User Templates folder so that the administrator can make changes to the folder and all sub folders. Drop the plist file (named com.apple.SetupAssistant.plist in the sub folder /English.iproj/Library/Preferences folder.

Freeze the machine - no more popup when a user logs in.

This is how I got around the problem on machines that are frozen (using Deep Freeze) - so every user, every time is a new user.

I created/modified a plist with the following values (on another machine):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>DidSeeCloudSetup</key> <true/> <key>DidSeeSyncSetup</key> <true/> <key>DidSeeSyncSetup2</key> <true/> <key>DidSeeiCloudSecuritySetup</key> <true/> <key>LastCacheCleanupStillRunning</key> <false/> <key>LastPreLoginTasksPerformedBuild</key> <string>15F34</string> <key>LastPreLoginTasksPerformedVersion</key> <string>10.11.5</string> <key>LastSeenBuddyBuildVersion</key> <string>15F34</string> <key>LastSeenCloudProductVersion</key> <string>10.11.5</string> <key>RunNonInteractive</key> <false/> <key>ShowKeychainSyncBuddyAtLogin</key> <false/> <key>SkipFirstLoginOptimization</key> <false/>
</dict>
</plist>

Thawed the machine.

Then logged into the machine as the administrator (already on the machine), changed the permissions to the /System/Library/User Templates folder so that the administrator can make changes to the folder and all sub folders. Drop the plist file (named com.apple.SetupAssistant.plist in the sub folder /English.iproj/Library/Preferences folder.

Freeze the machine - no more popup when a user logs in.

Below is the updated version of our script for 10.12:

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin export PATH
scriptfn=$(echo "$0" | sed 's/.*///g') # script filename
scriptfnPath=$(dirname "$0") # script file path
home_loc=$(cat /private/tmp/home_loc)
user_shortname=$(cat /private/tmp/user_shortname)
if [[ "$home_loc" == "" ]]; then
    exit 1
elif [[ "$user_shortname" == "" ]]; then
    exit 1
fi
#####################################################################################################################################

OSVersion=$(sw_vers -productVersion)
OSBuild=$(sw_vers -buildVersion)
BuildVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForBuild)
SystemVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForSystem)

# Disable setup assistant
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeAvatarSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeCloudSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeiCloudLoginForStorageServices -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSiriSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup2 -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" RunNonInteractive -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" GestureMovieSeen ""
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedBuild "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenBuddyBuildVersion "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenCloudProductVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsString "$OSBuild"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsString "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsNumber -int "$BuildVersionStampAsNumber"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsNumber -int "$SystemVersionStampAsNumber"

chown "$user_shortname" "$home_loc/Library/Preferences/com.apple.SetupAssistant.plist"
chown "$user_shortname" "$home_loc/Library/Preferences/loginwindow.plist"

Thanks for this updated script. I am planing on inplimenting this in my latest 10.12 upgrade.

Quick question, I have scripts that run before the OS upgrade, creates a LaunchAgent that's set to use the preloginwindow so I can run scripts post upgrade but before the user logs in.

The problem is the OS upgrade completes then sort of auto logs in but not really. After the OS Upgrade the user is presented with a login window with their username pre-filled. (Looks lie FileVault login for example.) the issue is that the LaunchAgent doesn't run.

If I touch .applesetupdone before the OS upgrade completes will this stop that prepop and allow my LaunchAgent to run?

Or any thoughts on how to get it to run? If the user logs in then immediately logs out, the LaunchAgent fires as intended. It's just a bad user experience to have them login then right back out.

The ability to disable AppleID/iCloud sign-in has been added in configuration profile settings of JSS 9.93 and later.

@Bobojo This behavior was removed in 10.12 (thankfully!) so you don't have to be concerned about it.

@ jgalante

The ability to disable AppleID/iCloud sign-in has been added in configuration profile settings of JSS 9.93 and later. Does this still work for 10.12? If so, do you know the means/steps in config profile to accomplish this. I want the set up assistant to NOT show up on the admin or user side at first log in.

Thank you in advance for your help or response.

Has anyone got this working on Sierra, High Sierra and Mojave ?

I think it works on Sierra, but newer versions seem to ignore it

I'd like to know if anyone else has gotten this working, too. It's killing me. It was working up until Mojave for me. I've tried everything I can think of at this point. Config profiles aren't working and the original suppression script isn't working anymore either.

following ..

Forgot I had this package in my repository. Added it to our base install policy and all is now right with the world.

https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/disable_apple_icloud_data_privacy_diagnostic_touch_id_and_siri_pop_ups/payload_free_package/disable_apple_icloud_data_privacy_diagnostic_touch_id_and_siri_pop_ups.zip

Terms & ConditionsCookie settings