Disable the ability for a user to login

New Contributor III

I have been asked to disable the ability for a certain user from logging into their encrypted MacBook Pro. Local account it appears. Any suggestions?


Valued Contributor

This sounds somewhat like an HR/People problem, but if the Mac is past the FileVault screen with a connection to your JSS, you can:

-Send a Lock Computer command
-Change the user's password

Legendary Contributor III

An MDM Lock command would do it, and it should happen just about immediately. There's absolutely nothing you can do to prevent someone from logging in past FileVault (short of physically removing the machine from them) since the OS isn't really booted at that point and there's no network connection. As @sshort mentioned you would have to address it after they log in.