Force Logout of iCloud Catalina

sdamiano
Contributor II

Unfortunately, we didn't catch the new iCloud preference pane in time, allowing some users to sign in despite us not wanting them to.

I have tried deleting MobileMePreferences.plist as well as anything in ~/Library/Preferences/com.apple.[anything iCloud related] as well as ~/Library/Caches/com.apple[anything iCloud related], then performing a killall cfprefsd and killall finder, and unfortunately, these methods no longer work in Catalina.

I have looked through a number of posts on here, however, there isn't a thread modern enough that addresses this issue in Catalina.

How can we force a log out of iCloud in Catalina remotely? We are already able to address the System Preferences issue.


ericbenfer
Contributor III

One way to mitigate this is to disable the iCloud features using the restrictions payload.
Does not matter if someone logs into iCloud if they do not have access to things like iCloud drive.

sdamiano
Contributor II

We already have messages and iCloud drive blocked. Ideally we would want them signed out completely. Is this just no longer possible in Catalina?

swallace
Contributor

@sdamiano Did you find a way to do this? We are having the same issues. Kids can login, but can't log out.

roiegat
Contributor III

Same issue here. Been trying to force the logout but all scripting attempts so far haven't seemed to work.

swallace
Contributor

@talkingmoose do you happen to have the secret sauce for this? I've got a few kiddos that can't sign out and they have screen restrictions on their personal Apple ID so it's carrying over to the school device as well.

talkingmoose
Moderator

@swallace I recently helped a customer with a similar need. This doesn't quite delete the entire account, but it does remove all references to it in Internet Accounts. Attempting to sign in again notifies the account already exists, effectively making it useless on the Mac.

Test and see if the following script works for you. In your testing, you'll need to restart System Preferences (or quit it between attempts running the script) before you'll see changes reflected there.

#!/bin/bash

currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
homeFolder=$( /usr/bin/dscl . read "/Users/$currentUser" NFSHomeDirectory )

/usr/bin/sqlite3 $homeFolder/Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"

justm174
New Contributor III

@talkingmoose I keep getting an Error: near "/": syntax error when I try copy/pasting your script. Am I doing something wrong?

talkingmoose
Moderator

@jmitchell74, should be pretty straightforward, but I likely tested this on macOS Catalina. Are you using Big Sur or something else?

Change the shebang on the first line to #!/bin/bash -x. This should give more verbose output. If there's nothing confidential, maybe post it back here.

user-gYjOoIcUJu
New Contributor

Turn off the internet connection from the device. When offline you should have no problem signing out.
It seems that as long as your devices are "communicating" with each other, signing out from one device is not possible, especially when all the data between the devices/iCloud accounts does not match.
I know I'm almost four years late from the original question, but I hope this will be at least of some help for those who face the same issue in the future.


justm174
New Contributor III

@talkingmoose This is the message I get after using the #!/bin/bash -x shebang:
+ /usr/bin/stat -f %Su /dev/console
currentUser=user
+ /usr/bin/dscl . read /Users/user NFSHomeDirectory
homeFolder='NFSHomeDirectory: /Users/user'
+ /usr/bin/sqlite3 NFSHomeDirectory: /Users/user/Library/Accounts/Accounts4.sqlite 'DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '''%@%''''
Error: near "/": syntax error

talkingmoose
Moderator

@jmitchell74, just reviewed the code I provided and if you copied/pasted it, then that may be the problem.

On the line with the sqlite3 command, there should be a space after $homeFolder. That might explain the error message. Here's the corrected version:

#!/bin/bash

currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
homeFolder=$( /usr/bin/dscl . read "/Users/$currentUser" NFSHomeDirectory )

/usr/bin/sqlite3 $homeFolder /Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"

GabeShack
Valued Contributor III

I was getting the same error, so I changed the script a bit to work in our environment. My question: is there anything else we can do to finish forcing the sign-out of the Apple ID so it doesn't have to prompt with the "already logged in" and "open internet accounts"?

(PS this script only works if the current username is the same as the home folder, which it always is in our environment.)

#!/bin/bash

currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
homeFolder="/Users/$currentUser"

/usr/bin/sqlite3 $homeFolder/Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"
exit 0

Gabe Shackney
Princeton Public Schools
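
The `-x` trace earlier in the thread shows `homeFolder` holding `NFSHomeDirectory: /Users/user`, label included, and the unquoted expansion splitting it into separate sqlite3 arguments. The following is an added example, not code from any poster in this thread: it strips the label, handles home paths containing spaces, and quotes the database path. The function names and the use of Jamf script parameter 4 as an `apply` switch are assumptions.

```shell
#!/bin/bash
# Added example: parse `dscl . read ... NFSHomeDirectory` output safely.

# dscl prints "NFSHomeDirectory: /Users/user" on one line, but puts the value
# on an indented second line when it contains a space. Handle both layouts.
parse_home_dir() {
    case "$1" in
        NFSHomeDirectory:*) ;;
        *) return 1 ;;                                  # error text or wrong key
    esac
    phd_value="${1#NFSHomeDirectory:}"                  # drop the label
    phd_lead="${phd_value%%[![:space:]]*}"              # leading spaces/newline
    printf '%s' "${phd_value#"$phd_lead"}"
}

# Build the Accounts4.sqlite path; refuse anything that is not absolute.
accounts_db_path() {
    adp_home=$(parse_home_dir "$1") || return 1
    case "$adp_home" in
        /*) printf '%s/Library/Accounts/Accounts4.sqlite' "$adp_home" ;;
        *)  return 1 ;;
    esac
}

remove_internet_accounts() {
    currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
    # Nobody is at the console when the login window owns it.
    case "$currentUser" in ""|root|loginwindow) return 1 ;; esac
    record=$( /usr/bin/dscl . read "/Users/$currentUser" NFSHomeDirectory ) || return 1
    db=$( accounts_db_path "$record" ) || return 1
    [ -f "$db" ] || return 1
    # Same statement as in the thread; the path is quoted so spaces survive.
    /usr/bin/sqlite3 "$db" "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"
}

# Assumption: the policy sets script parameter 4 to "apply".
# Without it the script only defines the functions and changes nothing.
if [ "${4:-}" = "apply" ]; then
    remove_internet_accounts
fi
```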


rstasel
Valued Contributor

Sadly this doesn't seem to be 100% in Monterey. It does remove some of the login, but then the OS is like "re-login to restore iCloud functionality". =( and when going to login, you see Login to "(null)" =/