Posted on 04-29-2024 06:06 AM
Hello All,
I've seen some older posts on here in regards to logging users out of their iCloud account but can't get them working as of right now.
We are looking to disable iCloud across our org, but some users are logged in. I've tested disabling iCloud via a config profile, which works, but doesn't log anyone out of iCloud that's already logged in.
Does anyone have a working script that logs a user out of their iCloud account?
Solved! Go to Solution.
Posted on 04-30-2024 05:06 PM
#!/bin/bash
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
homeFolder="/Users/$currentUser"
/usr/bin/sqlite3 $homeFolder/Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"
exit 0
Posted on 04-29-2024 06:10 AM
Not sure there is one these days... We use a dialog, repeating daily, then more often.. and a smart group and config profile that blocks it when its not logged in. That gets most... then its a quiet word for the remaining.
Posted on 04-29-2024 06:26 AM
@MPL It's been a while since I looked at this, but when I was working on disabling iCloud services via a Restrictions payload not turning off the services but simply disabling the UI for the service I did not find a way to sign the user out without requiring user interaction. My guess is this is still the case so you'll need an EA like the one below to find users who are signed in to an Apple ID and use it as a Smart Group criteria to scope a Policy to notify users they need to log out.
#!/bin/sh
# EA - Get Apple ID
result="None"
## Get logged in Apple ID user
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
iCloudAccount=$(defaults read /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist Accounts | grep AccountID | cut -d '"' -f 2)
if [ -n "$iCloudAccount" ]; then
result="$iCloudAccount"
fi
echo "<result>$result</result>"
Posted on 04-29-2024 06:47 AM
You can block the iCloud services with MDM, but there is no way to force log a user out. Honestly, Apples entire management of AppleID's on devices is absolutely miserable. This is an Apple gap, not Jamf, and I cannot stress enough submit Apple Feedback on this.
Posted on 04-30-2024 12:07 PM
I would like to block the ability of an end user from creating an Apple ID. We don't want personal Apple ID's on our corporate devices. What would be the best way to do this? I tried Restrictions but don't know the app name for this. I know I can restrict the Apple Store but I need full blockage of creating an account. Preferably the block should happen during enrollment. Any ideas?
Posted on 04-30-2024 12:16 PM
disable in prestage - block via restrictions config profile - done
use app restrictions to kill App Store
Posted on 04-30-2024 12:36 PM
Apple Id creation is prestage is disabled.
App Store is restricted.
IDK how to "block via restrictions config profile" - any help here with this config profile?
Posted on 04-30-2024 12:41 PM
the restrictions profile is something we all love to hate.. due to all the settings it pushes.. but blocking Apple ID is one of many parts
Posted on 04-30-2024 05:06 PM
#!/bin/bash
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
homeFolder="/Users/$currentUser"
/usr/bin/sqlite3 $homeFolder/Library/Accounts/Accounts4.sqlite "DELETE FROM ZACCOUNT WHERE ZUSERNAME LIKE '%@%'"
exit 0
Posted on 05-01-2024 11:53 AM
I receive this error message on 3 macs:
Script result: Error: unable to open database "/Users/robert.buss/Library/Accounts/Accounts4.sqlite": authorization denied
Posted on 08-12-2024 10:32 AM
fiddling with sqlite databases it pretty much a hack.. and I would wager a bad idea. The only approved route is for the user to remove themselves.