Posted on 04-12-2016 12:59 PM
Is anyone aware of a way to log a user out of Messages or FaceTime or iCloud as a whole on OS X?
We started restricting the applications but it appears that users who were previously logged in are still getting notifications of new messages in Notification Center.
I've tried deleting the plists for the applications but for some reason they are being re-created.
Any ideas?
Posted on 04-12-2016 01:15 PM
@ddasilva I had a similar issue. What I ended up doing is using the restricted software to actually delete the application. This deletes the .app front end of something like Messages. You can easily put it back if you need to. This alleviates the constant pop-up messages and notifications. Since JAMF executes at Root level it just does it, quite nice actually. One place to also check is to see if the user is logged in using iCloud - sign them out and then restrict that with a preference pane restriction. Happy hunting.
Nate
Posted on 04-12-2016 01:24 PM
Too bad deleting apps like FaceTime and Messages won't work anymore under 10.11. Those items are protected by SIP now and even root can't affect them.
Posted on 04-12-2016 01:29 PM
You could just disable SIP...
Restart your Mac.
Before OS X starts up, hold down Command-R and keep it held down until you see an Apple icon and a progress bar. Release. This boots you into Recovery.
From the Utilities menu, select Terminal.
At the prompt type exactly the following and then press Return: csrutil disable
Terminal should display a message that SIP was disabled.
From the menu, select Restart.
You can re-enable SIP by following the above steps, but using csrutil enable instead.
Posted on 04-12-2016 01:34 PM
@Npotter229 I'm pretty sure the users are logged in using iCloud so ideally a way to remotely log them out would solve the issue as well.
I've already restricted the PrefPane so now it's just a matter of either finding a way to log them out remotely or temporarily enabling the PrefPane again and walking around making sure no one is signed in.
Posted on 04-12-2016 02:00 PM
I was curious about what happens when a Mac gets logged into or out of Messages (as an example), so I did a few Composer monitor file system changes captures. There are a boatload of preference files being touched by simply logging into or out of Messages. Here's some of the ones that got captured when I logged out. Most of these also got touched when I logged in.
Users
  <username>
    Library
      Preferences
        ByHost
          com.apple.iChat.AIM.<UUID>.plist
          com.apple.imservice.SMS.<UUID>.plist
        callservicesd.plist
        com.apple.facetime.bag.plist
        com.apple.iChat.plist
        com.apple.ids.service.com.apple.ess.plist
        com.apple.ids.service.com.apple.madrid.plist
        com.apple.ids.service.com.apple.private.alloy.icloudpairing.plist
        com.apple.ids.service.com.apple.private.alloy.maps.plist
        com.apple.ids.service.com.apple.private.alloy.phonecontinuity.plist
        com.apple.ids.service.com.apple.private.alloy.screensharing.plist
        com.apple.ids.service.com.apple.private.alloy.sms.plist
        com.apple.imservice.ids.iMessage.plist
        com.apple.sms.plist
        com.apple.iChat.LSSharedFileList.plist
And there were other items too, like stuff in ~/Library/Containers/com.apple.iChat/
Even my login.keychain showed up in the results, but I'm not sure if it was related to logging out. I didn't examine it closely.
Oddly, the 2 plists that seemed to hold important info that I can see a clear change from the logged out state to the logged in one, are:
com.apple.ids.service.com.apple.madrid.plist
com.apple.ids.service.com.apple.private.alloy.sms.plist
Not sure what the whole "madrid" thing is about. A codename perhaps? I certainly don't live there :)
Anyway, in the logged in ones I can see an array in both plists called EnabledAccounts which has a string in it that looks like a UUID of some kind. So it looks something like this in the plist:
<key>EnabledAccounts</key>
<array>
<string>04FB8224-E6AF-300A-A158-BD0E74A27A5A</string>
</array>
That same section only shows as:
<key>EnabledAccounts</key>
<array/>
In the plist that was captured after logging out of Messages. So basically that array gets removed once the account is logged out. I don't know how helpful that is, but it's about as far as I got.
I have a feeling even if you deleted any or all of the above files or removed the array from them, I don't think it logs the user out. I imagine you'd have to kill a running service on the Mac, or restart a daemon or something that controls that state. I'm just guessing, but it doesn't look like an easy task.
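An added example (not part of the original post, and not Jamf or Apple code): a read-only audit that reports which local accounts still have a non-empty EnabledAccounts array in the two plists named above, printed in the `<result>` form a Jamf extension attribute uses. It assumes the observation in the post holds (a non-empty array means the account is signed in); the function names and the sample tree are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# The two preference files the post above saw change between signed-in and signed-out.
IDS_PLISTS = (
    "com.apple.ids.service.com.apple.madrid.plist",
    "com.apple.ids.service.com.apple.private.alloy.sms.plist",
)

def enabled_accounts(plist_path):
    """Return the EnabledAccounts entries of one plist ([] if missing or unreadable)."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)  # accepts both XML and binary plists
    except (OSError, ValueError, ExpatError):
        return []
    accounts = data.get("EnabledAccounts", []) if isinstance(data, dict) else []
    return [str(a) for a in accounts] if isinstance(accounts, list) else []

def audit_all(users_root="/Users"):
    """Map username -> {plist name: accounts} for every home with a non-empty array."""
    report = {}
    for home in sorted(Path(users_root).iterdir()):
        prefs = home / "Library" / "Preferences"
        hits = {n: enabled_accounts(prefs / n) for n in IDS_PLISTS}
        hits = {n: accts for n, accts in hits.items() if accts}
        if hits:
            report[home.name] = hits
    return report

def ea_result(report):
    """Format the report as the <result> line a Jamf extension attribute prints."""
    return "<result>%s</result>" % (", ".join(sorted(report)) or "None")

def make_sample_tree():
    """Constructed sample data: alice signed in, bob signed out, carol has no plists."""
    root = Path(tempfile.mkdtemp())
    sample = {"alice": ["00000000-0000-0000-0000-000000000001"], "bob": [], "carol": None}
    for user, accounts in sample.items():
        prefs = root / user / "Library" / "Preferences"
        prefs.mkdir(parents=True)
        if accounts is not None:
            with open(prefs / IDS_PLISTS[0], "wb") as fh:
                plistlib.dump({"EnabledAccounts": accounts}, fh, fmt=plistlib.FMT_BINARY)
    return str(root)

if __name__ == "__main__":
    print(ea_result(audit_all(make_sample_tree())))
```

On a managed Mac the call would be `audit_all("/Users")` run as root; the sample tree only stands in for real home folders.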
Posted on 04-13-2016 02:00 PM
Thanks @mm2270! There is a lot of great info there.
We have a small enough user base that it might just be easier to visit the offenders one time and sign them out manually. From that point on the PrefPane and RestrictedApps list should do the trick.
Posted on 08-10-2016 07:21 PM
@mm2270 @ddasilva Either of you make any progress with this? I've got a lot of students that are able to use the notification center to message even though we have blocked Messages.app. Since we can't use the delete application functionality anymore in El Capitan I'm struggling for another solution that isn't manually finding students and logging them out of Messages.
Posted on 08-16-2016 12:56 PM
@sapalmerBCS I haven't really had much luck since originally posting. I ended up adding the applications to the Restricted Software list, disabling the PrefPane for iCloud, and putting in an ExtensionAttribute to let me know if anyone has found a way to sign into iCloud.
I know some users are still logged into the apps because I get an alert every time it tries to launch but I just haven't had the cycles to go back and figure it out.
Posted on 08-17-2016 02:01 AM
I'm fairly sure there's stuff added/removed from ~/Library/Accounts/Accounts3.sqlite too, including iCloud stuff.
I'm unhappy to proceed with direct sqlite hacking, so if anyone finds an API for this that would probably be safer.
Posted on 10-14-2016 12:02 PM
Has anyone had any luck with this?