Jamf Nation Community

We already have messages and iCloud drive blocked. Ideally we would want them signed out completely. Is this just no longer possible in Catalina?

@sdamiano Did you find a way to do this? We are having the same issues. Kids can login, but can't log out.

Same issue here. Been trying to force the logout but all scripting attempts so far haven't seem to work.

@talkingmoose do you happen to have the secret sauce for this? I've got a few kiddos that can't sign out and they have screen restrictions on their personal Apple ID so it's carrying over to the school device as well.

@swallace I recently helped a customer with a similar need. This doesn't quite delete the entire account, but it does remove all references to it in Internet Accounts. Attempting to sign in again notifies the account already exists, effectively making it useless on the Mac.

Test and see if the following script works for you. In your testing, you'll need to restart System Preferences (or quit it between attempts running the script) before you'll see changes reflected there.

#!/bin/bash

currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
homeFolder=$( /usr/bin/dscl . read "/Users/$currentUser" NFSHomeDirectory )

/usr/bin/sqlite3 $homeFolder/Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"

@talkingmoose I keep getting a Error: near "/": syntax error when I try copy/pasting your script, am I doing something wrong?

@jmitchell74, should be pretty straightforward, but I likely tested this on macOS Catalina. Are you using Big Sur or something else?

Change the shebang on the first line to #!/bin/bash -x. This should give more verbose output. If there's nothing confidential, maybe post it back here.

Turn off the internet connection from the device. When offline you should have no problem signing out.
It seems that as long as your devices are "communicating" with each other signing out from one device is not possible, especially when all the data between the devices/ iCloud accounts does not match.
I know I`m almost four years late from the original question, but I hope this will be at least of some help for those to face the same issue in the future.

how to download facetime on windows

@talkingmoose This is message I get after using the #!/bin/bash -x shebang
+ /usr/bin/stat -f %Su /dev/console
currentUser=user
+ /usr/bin/dscl . read /Users/user NFSHomeDirectory
homeFolder='NFSHomeDirectory: /Users/user'
+ /usr/bin/sqlite3 NFSHomeDirectory: /Users/user/Library/Accounts/Accounts4.sqlite 'DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '''%@%''''
Error: near "/": syntax error

@jmitchell74, just reviewed the code I provided and if you copied/pasted it, then that may be the problem.

On the line with the sqlite3 command, there should be a space after $homeFolder. That might explain the error message. Here's the corrected version:

#!/bin/bash

currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
homeFolder=$( /usr/bin/dscl . read "/Users/$currentUser" NFSHomeDirectory )

/usr/bin/sqlite3 $homeFolder /Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"

I was getting the same error, so I changed the script a bit to work in our environment. My question is there anything else we can do to finish the force the sign out of the apple id so it doesn't have to prompt with the "already logged in" and "open internet accounts"?

(PS this script only works if the current username is the same as the home folder, which it always is in our environment.)

#!/bin/bash

currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
homeFolder="/Users/$currentUser"

/usr/bin/sqlite3 $homeFolder/Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"
exit 0

Gabe Shackney
Princeton Public Schools

Sadly this doesn't seem to be 100% in Monterey. It does remove some of the login, but then the OS is like "re-login to restore iCloud functionality". =( and when going to login, you see Login to "(null)" =/