Force user Sign-Out of Mac AppStore / iCloud

ddasilva
New Contributor

Hi All,

Looking for a way to sign our users out of the AppStore and iCloud as we plan on restricting those going forward.

Found a few discussions like This Post but it doesn't seem to be working on El Capitan. We've noticed the ~/Library/Preferences/com.apple.storeagent.plist file doesnt seem to exist anymore as well.

Has anyone had any success doing this?

1 ACCEPTED SOLUTION

tobiaslinder
Contributor II
Contributor II

Just distribute the Mac App Store command line interface with Casper:

Link

Then you can run the command

mas signout

View solution in original post

10 REPLIES 10

tobiaslinder
Contributor II
Contributor II

Just distribute the Mac App Store command line interface with Casper:

Link

Then you can run the command

mas signout

Ricky
Contributor

@tobiaslinder What would be the best way for one to distribute this? Do a detailed composer snap and install from source?

mm2270
Legendary Contributor III

I'd never seen this tool before. Thanks for posting the link to it @tobiaslinder Looks useful, but I haven't yet figured out what I would use it for.

@Ricky No need to go through a whole snapshot for that. Go to the Releases page and download the compiled version. Place it where you want it to go on your Mac, like say in, /usr/local/bin/ and then open Composer. Drag the binary from /usr/local/bin/ into the Composer sidebar and it will create a new source with the binary only in it. Whole process takes about a minute, including downloading it!

Ricky
Contributor

@mm2270 Wow that was a simple process! Thank you very much for the help. :)

tobiaslinder
Contributor II
Contributor II

Yes @mm2270, it really is an awesome tool. You could basically update your appstore apps that you distributed without VPP by running a policy with the commands:

mas signin
mas upgrade
mas signout

Not the way apple would like us too do it but definitely also a way to get the job done on machines that are not personalized.

Ricky
Contributor

@tobias2006 Can that command be put in a single script, which is then put in a policy? Will the script run as
1) mas signin
2) mas upgrade
waits to complete
3) mas signout

ddasilva
New Contributor

Thanks @tobiaslinder .

I had never heard of this tool but it did the trick!

mcmeekin91
New Contributor II

Going to ask here before starting a new discussion. The mas signout works fine for me if i type it in manually but if I try to push a script out to do it it won't work. History says the script ran fine and exited but the user is still logged in. I've been testing it on a 10.12 machine. I attached a screen shot of my script. Any suggestion?21f08dba09c64763bc6798a339e05537

nchan-jn
New Contributor II

@mcmeekin91 Have you ever figured out how to run mas via policy? I've tried using launchctl asuser [uid] /usr/local/bin/mas but doesn't work. I've also tried sudo -u [logged in user] /usr/local/bin/mas and that isn't working either.

Seems like it's trying to use mas under management account or root.

Ajayv
New Contributor III

Hi @ddasilva ,
Is this working for you. have you tested on Catalina. Could you please help me to resolve this. The mas signout works fine for me if I type it in manually but if I try to push a script out to do it it won't work on catalina10.15.3.