Disable iCloud Sync

j_allenbrand
Contributor

Hi,

It there a way to not allow users to sync their device with their personal iCloud? Ie not allowing icloud drive.

Thanks
Jared

16 REPLIES 16

DBrowning
Valued Contributor II

@j_allenbrand Uncheck this box in the restrictions payload (functionality tab) for a config profile. 0cc18583db764132875cda1e232a6803

jhuls
Contributor III

More importantly for me...is there a way to detect if someone is already using iCloud Drive?

DBrowning
Valued Contributor II

@jhuls

Use this EA

#!/bin/bash

# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"

#Variable to determine major OS version
OSver="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"

#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSver" -ge "12" ]; then
    #Path to PlistBuddy
    plistBud="/usr/libexec/PlistBuddy"

    #Determine logged in user
    loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')

    #Variable to determine status of iCloud Drive Desktop & Documents setting
    iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)

    #Determine whether user is logged into iCloud
    if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
        iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )

        #Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
        if [[ "$iCloudStatus" = "true" ]]; then
            DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
            if [[ "$DriveStatus" = "true" ]]; then
                if [[ "$iCloudDesktop" = "1" ]]; then
                    DocSyncStatus="Enabled"
                else
                    DocSyncStatus="Not Enabled"
                fi
            fi
            if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
                DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
            fi
        fi
        if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
            DocSyncStatus="iCloud Account Disabled"
        fi
    else
        DocSyncStatus="iCloud Account Disabled"
    fi
else
    DocSyncStatus="OS Not Supported"
fi


/bin/echo "<result>$DocSyncStatus</result>"

jhuls
Contributor III

@ddcdennisb Thanks. This will work for most of my systems but it appears to only pull from the logged in user. Ideally it would be nice to pull from all users on the computer and report that as we have some multiuser systems.

j_allenbrand
Contributor

@ddcdennisb where do you get the results from?

DBrowning
Valued Contributor II

@j_allenbrand , that script is an Extension Attribute. So it would be listed under which ever category you put it in.

Rye
New Contributor

@DBrowning, Do you know if this script will be updated to be compatible with Big Sur? Currently, when this script runs, it returns "OS Not Supported" next to the extension attribute. Or is there something that needs to be modified in the code for this change?

DBrowning
Valued Contributor II

@Rye easy change to the script to include Big Sur. Below is the updated EA that I use.

#!/bin/bash

# Purpose: to grab iCloud Drive Desktop and Document Sync status.
# If Drive has been setup previously then values should be: "Enabled" or "Not Enabled"
# If Drive has NOT been set up previously then values will be: "iCloud Account Enabled, Drive Not Enabled" or "iCloud Account Disabled"

#Variable to determine major OS version
OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"
OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"
#Determine OS is 10.12 or greater as Doc Sync is only available on 10.12+
if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then
    #Path to PlistBuddy
    plistBud="/usr/libexec/PlistBuddy"
    #Determine logged in user
    loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
    #Variable to determine status of iCloud Drive Desktop & Documents setting
    iCloudDesktop=$(defaults read /Users/$loggedInUser/Library/Preferences/com.apple.finder.plist FXICloudDriveDesktop)
    #Determine whether user is logged into iCloud
    if [[ -e "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" ]]; then
        iCloudStatus=$("$plistBud" -c "print :Accounts:0:LoggedIn" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
        #Determine whether user has iCloud Drive enabled. Value should be either "False" or "True"
        if [[ "$iCloudStatus" = "true" ]]; then
            DriveStatus=$("$plistBud" -c "print :Accounts:0:Services:2:Enabled" /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist 2> /dev/null )
            if [[ "$DriveStatus" = "true" ]]; then
                if [[ "$iCloudDesktop" = "1" ]]; then
                    DocSyncStatus="Enabled"
                else
                    DocSyncStatus="Not Enabled"
                fi
            fi
            if [[ "$DriveStatus" = "false" ]] || [[ -z "$DriveStatus" ]]; then
                DocSyncStatus="iCloud Account Enabled, Drive Not Enabled"
            fi
        fi
        if [[ "$iCloudStatus" = "false" ]] || [[ -z "$iCloudStatus" ]]; then
            DocSyncStatus="iCloud Account Disabled"
        fi
    else
        DocSyncStatus="iCloud Account Disabled"
    fi
else
    DocSyncStatus="OS Not Supported"
fi
/bin/echo "<result>$DocSyncStatus</result>"

Works like a charm as always.

I tested with this script as an extension attribute and it does indeed work for 12.5.1. 

Hello,
I added a line to help with macOS Ventura 13 which is now:

OSverMajor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 1)"

= 13

but the results are not accurate as I have iCloud and iCloud sync active. Maybe you can help me sort this out.

result is: 

Screenshot 2022-09-07 at 4.25.29 PM.png

We do not have Big Sur in our environment so the 2 work perfectly for Monterey:

OSverMinor="$(/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2)"

 

if [ "$OSverMinor" -ge "12" ] || [ "$OSverMajor" -eq "11" ]; then

 Thank you for your help!

Rye
New Contributor

@DBrowning Thanks!

j_allenbrand
Contributor

Hi did you put this script under extension attributes or somewhere else? 

It is under extension attributes

j_allenbrand
Contributor

Screenshot 2022-09-07 at 2.48.03 PM.pngScreenshot 2022-09-07 at 2.48.57 PM.png

 

hmm I can't seem to get it to show up

Screenshot 2022-09-07 at 6.12.33 PM.png

I used the second script posted and set it under Extension Attributes... 

I assume you ran a recon on at least one laptop... to pick up the extension attribute?