Posted on 09-12-2018 06:42 AM
I need a way to force logout the user after FileVault2 has been enabled. I see some old post from 2014, but nothing new. Any ideas how to force log out the user which would be the local admin account once FileVault 2 has been kicked off.
I tried this didn't work
#!/bin/sh
#
# Step 1: Log out Active User command.
CurrentUser=$(stat -f%Su /dev/console)
OtherActiveUsers=$( who | grep -v _mbsetupuser | grep -v ttys000 | grep -v "$CurrentUser" | sed 's/console.*//' )
loggedInUID=$( echo "$OtherActiveUsers" | while read userName; do
id -u "$userName"
done )
echo "$OUsers" | while read userName; do
echo "$loggedInUID" | xargs /bin/launchctl asuser "$loggedInUID" sudo -iu "$userName" "/usr/bin/osascript -e 'tell application "loginwindow" to «event aevtrlgo»'"
done
exit 0
and this
#!/bin/sh
## Get the logged in user's name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Get the PID of the logged in user
loggedInPID=$( ps -axj | awk "/^$loggedInUser/ && /Dock.app/ {print $2;exit}" )
## Use the above to run Applescript command to logout using keystroke commands
/bin/launchctl bsexec "${loggedInPID}" sudo -iu "${loggedInUser}" "/usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'"
Posted on 07-18-2024 12:20 AM
It's interesting that still in year 2024 there is no seamless solution for this.
We are currently in POC for Jamf, enrolled 10 devices and now I must message to all users who volunteered to participate in POC to logoff in order to enable FileVault.
There should be messaging system that will allow users to postpone logoff several times and force them.