Disable TouchID on new MacBook Pro

roiegat
Contributor III

I need some help in figuring out how to disable the TouchID feature on the new MacBook Pro for now. In testing we found that it's been causing some AD lockout issues, and since we want to deploy these Macs before the 12.2.3 hits that suppose to fix this - I figured it would be easier to just disable the TouchID option for now and enable it later.

So, I fired up Composer and told it to snapshot both new and modified files and proceeded to disable the TouchID for unlocking the machine (the other two options wouldn't work anyway since we don't allow iCloud access). I then checked the files, and none of them seem to be related to the touchID feature.

I'm assuming there is some plist file out there that keeps track of the options the user chooses. Ideally I'd like to lock that down with the options turned off, and then hide the touchID and Wallet system panel.

Any ideas? Anyone else having these issues?

12 REPLIES 12

clint5047
New Contributor III

I've been using this Config Profile, which has been working well: https://github.com/tmhoule/DisableTouchID

roiegat
Contributor III

@chuinder Thanks.....will check it out.

dfarnworth_b
New Contributor III

You can also use bioutil to disable TouchID. Charles Edge has a recent article on usage: http://krypted.com/mac-os-x/programatically-manage-fingerprints-os-x/

roiegat
Contributor III

So far using the configuration profile it works...but not that nice. If a new user logs in it still asks if to activate Siri (still need to figure how to disable it)...then it brings ups the fingerprint window...but says it failed - so you have to click skip to make it past it. So in theory it would be nice to have a user log in and not see those two windows. Will check out the Charles Edge article.

ocla__09
Contributor

@tmhoule I uploaded your mobileconfig file to disable touch ID but there appears to be no configs in the profile. I see the raw data for the plist on github, but when uploaded to Jamf Pro there is nothing there. Just FYI.

clint5047
New Contributor III

@ocla&&09 Yeah I ran into that issue with Jamf Pro. We ended up locally writing the .mobileconfig through a script and installing it with the profiles utility. Another thing to note is that in our testing we found that if you want to enable Touch ID after disabling it, you'll need to do it with another Config Profile.

@roiegat https://github.com/rtrouton/profiles/tree/master/SkipSiriSetup

roiegat
Contributor III

@chuinder I think it's because Casper...sorry JAMF Pro doesn't know about the TouchID yet. I went in with TextWrangler and modified it for my needs. It seemed to work better then the bioutil command line.

hkabik
Valued Contributor

@dfarnworth_barc - Thanks for that link. Was trying to figure out a way to make some EA's for TouchID usage tracking and that guide gave me exactly what I needed.

jamesgreenMatte
New Contributor II

Same thing here. There was nothing in the config profile after downloading. We are still on 9.96. Does it work better in 997? Is there a system preferences option to disable in 997 vs 996?

cbd4s
Contributor II

com.apple.SetupAssistant.managed - SkipCloudSetup, SkipSiriSetup, SkipPrivacySetup, SkipiCloudStorageSetup, SkipTrueTone, SkipAppearance, SkipTouchID

Jamf Pro 10.23.0
Configuration Profiles > Application & Custom Settings: Configure Settings
Source: Custom Schema
Preference Domain: com.apple.SetupAssistant.managed

{
"title": "Setup Assistant (com.apple.SetupAssistant.managed)",
"description": "macOS payload specifying Setup Assistant options",
"type": "object",
"properties": {
"SkipPrivacySetup": {
"title": "Skip Privacy Setup",
"description": "If true, skip the Privacy consent window. Available in macOS 10.13.4 and later.",
"property_order": 5,
"type": "boolean"
},
"SkipCloudSetup": {
"title": "Skip Cloud Setup",
"description": "If true, skip the Apple ID setup window. Available in macOS 10.12 and later.",
"property_order": 10,
"type": "boolean"
},
"SkipSiriSetup": {
"title": "Skip Siri Setup",
"description": "If true, skip the Siri setup window. Available in macOS 10.12 and later.",
"property_order": 15,
"type": "boolean"
},
"SkipCloudStorageSetup": {
"title": "Skip Cloud Storage Setup",
"description": "If true, skip the iCloud Storage window. Available in macOS 10.13.4 and later.",
"property_order": 20,
"type": "boolean"
},
"SkipTrueTone": {
"title": "Skip True Tone",
"description": "If true, skip the True Tone Display window. Available in macOS 10.13.6 and later.",
"property_order": 25,
"type": "boolean"
},
"SkipAppearance": {
"title": "Skip Appearance",
"description": "If true, skip the Choose Your Look window. Available in macOS 10.14 and later.",
"property_order": 30,
"type": "boolean"
},
"SkipTouchIDSetup": {
"title": "Skip Touch ID Setup",
"description": "If true, skip the Touch ID setup windows.",
"property_order": 35,
"type": "boolean"
}
}
}

RamosC
New Contributor II

@cbd4s I am still a newbie to everything scripting. How did you find the " property_order" of each one?

I am trying to tweak this to include Screen Time and Accessibility windows.

Thank you!

MatthewT
New Contributor

This article doesn't seem to work ... instead see this article:
https://community.jamf.com/t5/jamf-pro/disable-new-user-account-fingerprint-prompt/td-p/257122