Hi All,

Just wanting to bounce this around the community so see if anyone can riddle me this.
I want to prevent the creation of the iCloud keychain folder that appears in the user library at ~/Library/Keychains/Local items folder using machine UUID.

As we operate in an AD environment which forces users to change password every three months we are getting numerous tasks to do with the keychain pop ups requesting updating of the local items pertaining to iCloud keychains.
We have iCloud locked down and as far as I am aware no user has iCloud enabled. Still the OS insists on creating the folder in the users keychains folder. Users can't be relied upon to enter their previous password to update the local and or even if they do sometimes it doesn't work.

I have been going through numerous launch agents, frameworks etc that could be responsible for creating this folder in the users Keychain folder but not coming up with anything.
iCloud keychain is an enterprise abomination and I'd like to be able to control it with a little more vigour than having to delete the iCloud login keychain folder and rebooting for it to recreate and sync for every user who comes up against it.

Has anyone been down this path that could enlighten me?

Cheers
T