I have been asked to disable the ability for a certain user from logging into their encrypted MacBook Pro. Local account it appears. Any suggestions?
Question
Disable the ability for a user to login
+10
+15This sounds somewhat like an HR/People problem, but if the Mac is past the FileVault screen with a connection to your JSS, you can:
-Send a Lock Computer command
-Change the user's password
+24An MDM Lock command would do it, and it should happen just about immediately. There's absolutely nothing you can do to prevent someone from logging in past FileVault (short of physically removing the machine from them) since the OS isn't really booted at that point and there's no network connection. As @sshort mentioned you would have to address it after they log in.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.