Disable Mavericks Sign in with your Apple ID at login prompt?

frank
New Contributor III

Hi everyone,

Has anyone worked out how to disable the "Sign in with your Apple ID" prompt at login?

I currently have the following keys set for the default template for new users:

OSVERS=$(sw_vers -productVersion)
OSBUILD=$(sw_vers -buildVersion)

com.apple.SetupAssistant "DidSeeCloudSetup" -bool true
com.apple.SetupAssistant "LastSeenCloudProductVersion" -string ${OSVERS}
com.apple.SetupAssistant "GestureMovieSeen" -string none
com.apple.SetupAssistant "LastPreLoginTasksPerformedVersion" -string ${OSVERS} com.apple.SetupAssistant "LastPreLoginTasksPerformedBuild" -string ${OSBUILD}

I use a function in my shell to write these keys which is why you don't see the full defaults write and path to file in the above keys that i use.

Are they any other keys that mavericks needs to suppress the Apple ID prompt on first login?

Cheers,

Frank

1 ACCEPTED SOLUTION

benleroy
New Contributor II

Rich Trouton has a write-up on this, we were able to adapt his script to our environment fairly easily.

http://derflounder.wordpress.com/2013/10/27/disabling-the-icloud-sign-in-pop-up-message-on-lion-and-...

View solution in original post

47 REPLIES 47

bentoms
Release Candidate Programs Tester

Is iLife 11 installed on these Macs?

malroy
New Contributor II

Bentoms,

I work with Frank, so No iLife 11 is not installed on those Macs.

bentoms
Release Candidate Programs Tester

iWork?

nessts
Valued Contributor II

what i did was go through the setup and capture the entire com.apple.SetupAssistant.plist throw it into the homes you don't want to see it. so new machine put it in the template, existing machines each users Library/Preferences
Seems to be working fine.

benleroy
New Contributor II

Rich Trouton has a write-up on this, we were able to adapt his script to our environment fairly easily.

http://derflounder.wordpress.com/2013/10/27/disabling-the-icloud-sign-in-pop-up-message-on-lion-and-...

frank
New Contributor III

Thanks benleroy that worked.

makander
Contributor

I've been trying to get remove icloud / appleid login when I create new users on a Mavericks system.

I've tried to capture the settings in the com.apple.SetupAssistant.plist and to deploy them with FET / FUT in a DMG. Didn't get that to work.

I've also tried to upload the .plist for the settings as a configuration profile but I'm not getting that to work properly either. Also tried with different MCX settings, like changing the version from 10.8 to 10.9.

And I've tried Rich Troutons script from Der Flounder. Still not getting it to work. Do you have any suggestions?

rtrouton
Release Candidate Programs Tester

@makander][/url,

How are you running the script? As written on my blog, the script is designed to be run as root.

In my own shop, I have this included as part of a first boot script:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/first_boot/10.9

makander
Contributor

Hi Rich!

I ran it at imaging with Casper Image. Tried running it with the script set at 'after' and I also tried with it being set at being run at 'reboot'. When I didn't get that to work I put it in /Library/Application Support/jamf/bin/ and from there ran it with a policy. Casper runs at root if I'm not mistaken.

makander
Contributor

Aha! I figured out what I was doing wrong! I had MCX set (it's always MCX's.... I should probably stop using them) for both 10.8 and 10.9 and since I forgot to scope the MCXs to the correct group it probably got both, or none, and then it didn't work!

kiruarch
New Contributor

According to the community, this should be working on 10.9:
http://derflounder.wordpress.com/2013/10/27/disabling-the-icloud-sign-in-pop-up-message-on-lion-and-later/

we tested working on 10.9

kiruarch
New Contributor

According to the community, this should be working on 10.9:
http://derflounder.wordpress.com/2013/10/27/disabling-the-icloud-sign-in-pop-up-message-on-lion-and-later/

we tested working on 10.9.1

itss
New Contributor III

I'm still having a problem with this on 10.9.1.
We're trying to go fully modular this year, and so I've created a virgin OS image using AutoDMG and created my local admin user using the "CreateUserPkg" utility. (I did create the package to place the home folder in /var, to keep it hidden from nosy students).

I've copied the script referenced above (http://derflounder.wordpress.com/2013/10/27/disabling-the-icloud-sign-in-pop-up-message-on-lion-and-later/) and created a workflow in DeployStudio which has 3 steps:

  1. erase & image
  2. disable icloud script
  3. install user via package

Full Disclosure: I also tried to put a "touch" in the script to create the .AppleSetupDone file, but (for whatever reason) the touch fails, so I converted the dmg to a sparsebundle, added the .AppleSetupDone file and then converted back to a dmg.

Anyways, after imaging, I log in as my local admin and the iCloud window appears.

I held down the power button and put the computer into target disk mode. I verified that the plist is in the user template (English.lproj) and that the 3 keys exist in the file. I also determined that the Home folder doesn't yet exist (checked in /Users & in /var).

I boot back to the computer and log in again. This time it boots right to the desktop. Also, all subsequent accounts created after this don't get the iCloud prompt (just the first user). Just for kicks, I also tried re-booting after imaging, but before logging in, but that didn't change anything.

So, any idea what I'm doing wrong? Does the first user not use the template (or use a different template)? Any help would be appreciated.

stevewood
Honored Contributor II
Honored Contributor II

Try switching the order in which you create your first user and you disable iCloud. So, switch #2 and #3 in your DS workflow. See if that works.

You are creating the admin user before the User Template files have been updated, so the iCloud "skip" will not have been ready for copying to the first user's home folder.

itss
New Contributor III

I'll give it a try, but currently I have the script running first (to update the user template) before creating the user.

I don't see how changing the workflow to create the user before running the script will help. Especially since the home folder isn't in /Users…

I'm willing to try it however, so I'll let you know how it goes.

itss
New Contributor III

I'll give it a try, but currently I have the script running first (to update the user template) before creating the user.

I don't see how changing the workflow to create the user before running the script will help. Especially since the home folder isn't in /Users…

I'm willing to try it however, so I'll let you know how it goes.

itss
New Contributor III

I'll give it a try, but currently I have the script running first (to update the user template) before creating the user.

I don't see how changing the workflow to create the user before running the script will help. Especially since the home folder isn't in /Users…

I'm willing to try it however, so I'll let you know how it goes.

stevewood
Honored Contributor II
Honored Contributor II

Ugh, I must have been asleep when I read that originally. You have it correct: run the iCloud script first, then create the user. Sorry.

What you can try is copying the User Template into the hidden account home folder location. I cannot recall of CreateUserPkg creates the home folder files or if it copies from the Template folder. So to make sure you are getting the home folder from the Template, you could add something like this:

rm -rf /var/admin/*
    cp -R /System/Library/User Template/English.lproj/* /var/admin/
    chown -R admin:staff /var/admin

That will insure you are using the Template files and not something else.

itss
New Contributor III

Ok, I'll try that.

bentoms
Release Candidate Programs Tester

We set ours via user level MCX.

Where is asks for "OSVers" as per @rtrouton's script.. We set it to 10.7.9, 10.8.9 & 10.9.9 & scope the MCX to smart groups based on OS version.

Seems to work. (Pretty sure that's what we do).

bentoms
Release Candidate Programs Tester

Dismiss my reply above, below is what we're doing:

Hi All,

Just checked how we've overcome this.

We modify the plist as per @rtrouton's post, but change the OS version to 10.9.9.

The package up the plist & deploy @ imaging using FEU/FUT's.

That way even the adobe install account has the setting when 1st logging in.

josaxo
New Contributor

@bentoms I am attempting the packaged method now. Question, how do you apply this for existing machines that might upgrade to Mavericks via Self Service? I tried the scripted method, and applied the plist updates just prior to the self service upgrade, but haven't had success with existing accounts. I am going to try the packaged version and see if i have better luck.

Thanks for the info.

frank
New Contributor III

I didn't notice there was more replies to this post! :)

I found the fix in the end was creating a MCX key in the JSS as we set it locally at build time, but also enforce it via MCX as local accounts (out support admin account as an example) wasn't using this key only mobile accounts where.

Domain: ~/Library/Preferences/com.apple.SetupAssistant
Key: LastSeenCloudProductVersion
Value: 10.9.2

You can make the value 10.9.9 as suggested but I haven't tested it to see if there is any negative effect.

michaelhusar
Contributor II

I did a machine profile with DidSeeCloudSetup -bool TRUE
GestureMovieSeen string none
LastSeenCloudProductVersion string 10.9.3

Worked fine for updating from 10.9.2 to 10.9.3
I did try 10.9.9 as value - this did not work in my setup.

themacdweeb
Contributor

to add another wrinkle:

we use rich's script as well. and it works really well for any user i create with either CreateUserPkg or via the CLI in the shell. there's just one user account for which it doesn't work:

the root user.

and please: no arguments against using the root user please, i've heard them all and we still use it here. so, i continue to experiment with finagling the root user code but, essentially it's identical to the +500 UID code, minus the path:

# variable
RootPrefs="/private/var/root/Library/Preferences"

defaults write "${RootPrefs}"/com.apple.loginwindow -dict ”
defaults write "${RootPrefs}"/loginwindow -dict ”
defaults write "${RootPrefs}"/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
defaults write "${RootPrefs}"/com.apple.SetupAssistant GestureMovieSeen none
defaults write "${RootPrefs}"/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"

much obliged if anyone's seen this issue on the root user account. i can't get the dang thing to work. meh.

cheers n' beers,

gregneagle
Valued Contributor

One hopes that people you entrust to log in as root via the GUI could understand to just skip any request to provide an Apple ID.

themacdweeb
Contributor

one person other than myself has the password. and we take care of the root account iCloud wizard before delivery. which is why i'd prefer to automate.

michalm_mac
New Contributor

I am upgrading computer lab to 10.10.3
We use NFSv3 home folders.

When user's home folder is empty I always get iCloud Setup window (this was not an issue with 10.9.5).
I deployed configuration profile with com.apple.SetupAssistant settings but this aproach does not seem to work.

I have two working solutions:
1) Prepopulate user's folders with ~/Library/Preferences/com.apple.SetupAssistant.plist file (maybe whole template when we are at it) <- which requires to get IT department work on it.
2) Modify /System/Library/CoreServices/Setup Assistant.app = rename /System/Library/CoreServices/Setup Assistant.app/Contents/SharedSupport/MiniLauncher <- which will probably not work well with 10.11 SIP

Am I missing some better solution?
Would login hook execute before iCloud setup is shown?

bpavlov
Honored Contributor

@michalm.mac Refer to this post: https://derflounder.wordpress.com/2014/10/16/disabling-the-icloud-and-diagnostics-pop-up-windows-in-...

Whether that solution will work in 10.11 is to be determined. Haven't tested 10.11 yet myself. Just been reading about it so far. But since you're on 10.10.3 this solution should work nicely.

michalm_mac
New Contributor

@bpavlov Actually I am using modifed verion of @rtrouton script for local users with home folder in /var/.home

However with network account and empty nfs user home folder files are not copied from template automatically.

I filled feature request radar on that -> https://openradar.appspot.com/21355558

bpavlov
Honored Contributor

Wow really? That's really interesting. Where are the user folder defaults populated from then?

michalm_mac
New Contributor

@bpavlov well they are not populated from anywhere. I don't have access to home folders.
Should I try to convince IT to copy OS X user template to every single home folder?

michalm_mac
New Contributor

I was able to solve this by LoginHook script.

#!/bin/sh
USER=$1
su - $USER -c "/Library/Scripts/hooks/hook_defaults.sh"

It executes second script with privileges of user who is logging in. Second script copies prepared com.apple.SetupAssistant.plist into ~/Library/Preferences if it doen not exists.

michael_ferguso
New Contributor

Has anyone got this working on El Capitan 10.11+ ? My renaming of the minilauncher doesn't seem to be working any longer.

rcastorani
New Contributor II

I'd love to know if anyone has this working on 10.11 as well. So far I have been unsuccessful in all my tests.

john_bailey
New Contributor II

Below is our script that both works on 10.11 and as the root user. Note that "$home_loc" and "$user_shortname" are variables that we set with our in house written "coreDaemon", so for those you are on your own. This script runs as root instead of the user due to issues with setting certain Apple preferences at login as the user (may not be an issue anymore but haven't tested)

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin export PATH
home_loc=$(cat /private/tmp/home_loc)
user_shortname=$(cat /private/tmp/user_shortname)
if [[ "$home_loc" == "" ]]; then
    exit 1
elif [[ "$user_shortname" == "" ]]; then
    exit 1
fi
#####################################################################################################################################

OSVersion=$(sw_vers -productVersion)
OSBuild=$(sw_vers -buildVersion)
BuildVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForBuild)
SystemVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForSystem)

# Disable setup assistant
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeCloudSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup2 -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" RunNonInteractive -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" GestureMovieSeen ""
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedBuild "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenBuddyBuildVersion "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenCloudProductVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsString "$OSBuild"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsString "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsNumber -int "$BuildVersionStampAsNumber"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsNumber -int "$SystemVersionStampAsNumber"

chown "$user_shortname" "$home_loc/Library/Preferences/com.apple.SetupAssistant.plist"
chown "$user_shortname" "$home_loc/Library/Preferences/loginwindow.plist"

cbmc
New Contributor

This is how I got around the problem on machines that are frozen (using Deep Freeze) - so every user, every time is a new user.

I created/modified a plist with the following values (on another machine):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>DidSeeCloudSetup</key> <true/> <key>DidSeeSyncSetup</key> <true/> <key>DidSeeSyncSetup2</key> <true/> <key>DidSeeiCloudSecuritySetup</key> <true/> <key>LastCacheCleanupStillRunning</key> <false/> <key>LastPreLoginTasksPerformedBuild</key> <string>15F34</string> <key>LastPreLoginTasksPerformedVersion</key> <string>10.11.5</string> <key>LastSeenBuddyBuildVersion</key> <string>15F34</string> <key>LastSeenCloudProductVersion</key> <string>10.11.5</string> <key>RunNonInteractive</key> <false/> <key>ShowKeychainSyncBuddyAtLogin</key> <false/> <key>SkipFirstLoginOptimization</key> <false/>
</dict>
</plist>

Thawed the machine.

Then logged into the machine as the administrator (already on the machine), changed the permissions to the /System/Library/User Templates folder so that the administrator can make changes to the folder and all sub folders. Drop the plist file (named com.apple.SetupAssistant.plist in the sub folder /English.iproj/Library/Preferences folder.

Freeze the machine - no more popup when a user logs in.

cbmc
New Contributor

This is how I got around the problem on machines that are frozen (using Deep Freeze) - so every user, every time is a new user.

I created/modified a plist with the following values (on another machine):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>DidSeeCloudSetup</key> <true/> <key>DidSeeSyncSetup</key> <true/> <key>DidSeeSyncSetup2</key> <true/> <key>DidSeeiCloudSecuritySetup</key> <true/> <key>LastCacheCleanupStillRunning</key> <false/> <key>LastPreLoginTasksPerformedBuild</key> <string>15F34</string> <key>LastPreLoginTasksPerformedVersion</key> <string>10.11.5</string> <key>LastSeenBuddyBuildVersion</key> <string>15F34</string> <key>LastSeenCloudProductVersion</key> <string>10.11.5</string> <key>RunNonInteractive</key> <false/> <key>ShowKeychainSyncBuddyAtLogin</key> <false/> <key>SkipFirstLoginOptimization</key> <false/>
</dict>
</plist>

Thawed the machine.

Then logged into the machine as the administrator (already on the machine), changed the permissions to the /System/Library/User Templates folder so that the administrator can make changes to the folder and all sub folders. Drop the plist file (named com.apple.SetupAssistant.plist in the sub folder /English.iproj/Library/Preferences folder.

Freeze the machine - no more popup when a user logs in.

john_bailey
New Contributor II

Below is the updated version of our script for 10.12:

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin export PATH
scriptfn=$(echo "$0" | sed 's/.*///g') # script filename
scriptfnPath=$(dirname "$0") # script file path
home_loc=$(cat /private/tmp/home_loc)
user_shortname=$(cat /private/tmp/user_shortname)
if [[ "$home_loc" == "" ]]; then
    exit 1
elif [[ "$user_shortname" == "" ]]; then
    exit 1
fi
#####################################################################################################################################

OSVersion=$(sw_vers -productVersion)
OSBuild=$(sw_vers -buildVersion)
BuildVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForBuild)
SystemVersionStampAsNumber=$(defaults read /Library/Preferences/com.apple.loginwindow OptimizerLastRunForSystem)

# Disable setup assistant
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeAvatarSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeCloudSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeiCloudLoginForStorageServices -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSiriSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" DidSeeSyncSetup2 -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" RunNonInteractive -bool true
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" GestureMovieSeen ""
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedBuild "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastPreLoginTasksPerformedVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenBuddyBuildVersion "$OSBuild"
defaults write "$home_loc/Library/Preferences/com.apple.SetupAssistant" LastSeenCloudProductVersion "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsString "$OSBuild"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsString "$OSVersion"
defaults write "$home_loc/Library/Preferences/loginwindow" BuildVersionStampAsNumber -int "$BuildVersionStampAsNumber"
defaults write "$home_loc/Library/Preferences/loginwindow" SystemVersionStampAsNumber -int "$SystemVersionStampAsNumber"

chown "$user_shortname" "$home_loc/Library/Preferences/com.apple.SetupAssistant.plist"
chown "$user_shortname" "$home_loc/Library/Preferences/loginwindow.plist"