Completely Disable iCloud?

steviethetv
New Contributor III

Is it possible to completely disable iCloud all-together? I know we can disable elements of iCloud in a Configuration Profile, but if we wanted to force-sign-out users from iCloud, then prevent a user from logging into iCloud ever again, can we do this?

1 ACCEPTED SOLUTION

steviethetv
New Contributor III

I did a bit of googling and testing and I found a solution on the interwebs. Running the script below will remove the MobileMeAccounts.plist file, which in turn removes the iCloud account from the Mac. Doing that in tandem with disabling iCloud in the system preferences seems to be the most foolproof way to prevent iCloud access. A caveat though is that Find My Mac is still enabled on icloud.com and a user can still remotely lock and wipe a device that they may or may not have access to after exiting a company

#!/bin/bash
# Log out all users from iCloud
ls /Users/ | while read USERS ;
do
if [ -d /Users/$USERS/Library/Preferences/ ];
then
rm /Users/$USERS/Library/Preferences/MobileMeAccounts.plist
fi
done
killall cfprefsd

View solution in original post

8 REPLIES 8

CAJensen01
Contributor

I'm not familiar with a complete way to do this (eg sign folks out of iCloud.)

You can use the config profiles in Sierra to block a lot of the functionality.. (but for some reason not syncing photos.. dammit Apple, why?)

You can disable the iCloud preference pane as well.

You can use an EA to detect users that are signed into an iCloud account..
/usr/bin/defaults read $userHOME/Library/Preferences/MobileMeAccounts.plist | grep "AccountID"

and then you can either restrict things to those users, present them with dialogs including steps to remediate, etc.

Or you can go ballistic/nuclear and have your firewall blocked to the Apple range, which will cause a host of other things (such as DEP and Internet Recovery) to not work.

steviethetv
New Contributor III

I did a bit of googling and testing and I found a solution on the interwebs. Running the script below will remove the MobileMeAccounts.plist file, which in turn removes the iCloud account from the Mac. Doing that in tandem with disabling iCloud in the system preferences seems to be the most foolproof way to prevent iCloud access. A caveat though is that Find My Mac is still enabled on icloud.com and a user can still remotely lock and wipe a device that they may or may not have access to after exiting a company

#!/bin/bash
# Log out all users from iCloud
ls /Users/ | while read USERS ;
do
if [ -d /Users/$USERS/Library/Preferences/ ];
then
rm /Users/$USERS/Library/Preferences/MobileMeAccounts.plist
fi
done
killall cfprefsd

Does this work still with MacOS Ventura or Sonoma?

dgreening
Valued Contributor II

Add this to purge the Find My Mac NVRAM token and break the link. Its a good idea to use this in any Imaging setup script which you might have...

/usr/sbin/nvram -d fmm-mobileme-token-FMM

ckeats
New Contributor II

Tested this script with the latest OSX Sierra, looks like it removes the account from iCloud in the system preferences but not from the internet accounts in system preferences (which is keeping iCloud features running).

Another problem i see is if you remove it while you have any type of iCloud notification (which in my case it was asking to enable two Factor Authentication) it will keep that notification up in system preferences with no way to remove it without adding another account and signing out manually. I assume there is a file that tells system preferences that there is a notification but not sure which file to remove to clear the cache on that.

Side Note: If you manually remove the iCloud account in internet accounts it removes the notification.

834648c2a469460db5c9668e1d11b232

Dmitry
New Contributor

Guys, I have a different problem. My organisation disabled iCloud on my Mac. How to enable it back?

KSchroeder
Contributor

@Dmitry I guess you'd need to contact your IT staff about that and explain why you need it enabled. They probably didn't disable it just to annoy you; many organizations (mine included) have concerns around iCloud and the potential to sync/extract organizational data out to a 3rd party (particularly since there is no way (that I know of at least) to disable someone's AppleID, since it isn't really tied to the organization directly).

SeetendraPanda
New Contributor III

Is this still valid and can be used to signout users from icloud.
We have enabled the icloud block option in JAMF but that does not signout icloud for the users
Can i use this to force signout of icloud for the users

Also is the applicable to the latest version macos 10.14.5