Question

Locked User Accounts

  • April 28, 2023
  • 3 replies
  • 35 views

  • New Contributor

Hi all,

 

I have a question about locked user accounts. Is it possible to deny complete access to a MacBook after the user has been locked in Microsoft Azure? We recently had a case where a user was locked out but still had access to his MacBook through his "local account".

Is this possible or do we always have to click on Lock Computer in Jamf?

3 replies

dsavageED
  • New Contributor
  • April 28, 2023

If the Mac has a local account, by definition it isn't using your domain services, so unfortunately yes, you would need to lock the machine or use code: "pwpolicy -u $username disableuser"


  • Author
  • New Contributor
  • April 28, 2023

@dsavageED,

The Mac is in our remote management, so there should be no local account. Is there another solution then?


dsavageED
  • New Contributor
  • April 28, 2023

In more detail:

If the Mac is still checking in with Jamf, then you can create a policy to run the command I mentioned above; you can even force a logout.

Create a new policy: give it a name like "lock login session", set the trigger to Recurring Check-in and the frequency to Once per computer.

Files and Processes: Execute Command - "pwpolicy -u $username disableuser; killall loginwindow" where $username is the login of the user you want to disable.

Scope this policy to the Mac.

Or, more simply, lock the Mac with the MDM command...
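
The policy steps in the reply above, written as a script payload instead of a one-line Execute Command. This is an added example, not code posted in the thread: it assumes the account's short name is supplied as Jamf script parameter 4 (`$4`), and the helper names `is_safe_target`, `run` and `lock_user` and the `DRY_RUN` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: Jamf passes the target
# account's short name as script parameter 4 ($4).

# Reject empty names, system accounts and anything that is not a plain short name.
is_safe_target() {
    case "$1" in
        ""|-*|_*|root|daemon|nobody) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# With DRY_RUN set, print the command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "would run: $*"; else "$@"; fi
}

# Return codes: 0 done, 2 refused name, 3 no such account, 4 pwpolicy failed.
lock_user() {
    user="$1"
    is_safe_target "$user" || { echo "refusing to disable '$user'" >&2; return 2; }
    id "$user" >/dev/null 2>&1 || { echo "no account '$user' on this Mac" >&2; return 3; }

    # The command from the thread: mark the account as disabled.
    run pwpolicy -u "$user" disableuser || return 4

    # End the GUI session only if the disabled user owns the console,
    # so a different logged-in user is not kicked out.
    console_user=$(stat -f%Su /dev/console 2>/dev/null) || console_user=""
    if [ "$console_user" = "$user" ]; then
        run killall loginwindow
    fi
    return 0
}

# Run only when a target was supplied.
if [ -n "${4:-}" ]; then
    lock_user "$4"
    exit $?
fi
```

Setting `DRY_RUN=1` on a test Mac prints the commands without running them, which lets you confirm the scope and the username before the policy goes live.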