iCloud - System Admin Password Required

New Contributor III

Does anyone know what is happening behind the scenes with the iCloud system

We are rolling out Lion and are encouraging the use of iCloud. But the fact
that it requires an admin password is causing an issue. I think it is
adding something to the user.plist... I'd like to be able to make the
necessary changes so the user isn't faced with the admin password request.


Maura Fennelly
Technology Department
Archbishop Mitty High School
mfennelly at mitty.com


Valued Contributor II

Are you sure it's an admin password you are being prompted for?
I think it's to add the iCloud password and SSL certificate into the keychain, which may be an admin pw now that I think about it.
Since we disable iCloud everywhere at this point I don't remember from playing with it, but I would guess it's adding a cert to the system keychain.

Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services

New Contributor III

Same issue here.. unfortunately you do indeed need an admin account to have users add their iCloud ID.. iCloud takes over the device itself.. not just the user account is the reason I was given. Really makes it a PITA.. Most people who are deploying Lion at this point are just suppressing the iCloud prompt, since iCloud doesn't yet have that many benefits for laptop users.

I have also been told that you can edit the etc/authorization file to give access.. but that would give them access to other things as well..

<key>system.services.directory.configure</key>
<dict>
    <key>class</key>
    <string>rule</string>
    <key>comment</key>
    <string>For making Directory Services changes.</string>
    …
</dict>
<key>rule</key>
<string>root-or-admin-or-authenticate-admin</string>
</dict>

If you find a solution please share it with us! :)

I'm up at MC give me a call if you want..
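An added example, not from the thread or from Apple: one way to check what an edit to the authorization file discussed above actually changed, by diffing a known-good copy against the edited one and listing the rights that share a rule. The plist data is constructed; only system.services.directory.configure and its rule appear in the thread, while the second right and the relaxed rule name are hypothetical.

```python
import plistlib

# Constructed sample modelled on the authorization file layout (a "rights"
# dictionary keyed by right name). Only system.services.directory.configure
# and its rule come from the thread; everything else is hypothetical.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>rights</key><dict>
  <key>system.services.directory.configure</key>
  <dict>
    <key>class</key><string>rule</string>
    <key>comment</key><string>For making Directory Services changes.</string>
    <key>rule</key><string>{rule}</string>
  </dict>
  <key>example.hypothetical.right</key>
  <dict>
    <key>class</key><string>rule</string>
    <key>rule</key><string>root-or-admin-or-authenticate-admin</string>
  </dict>
</dict></dict></plist>"""
BASELINE = TEMPLATE.format(rule="root-or-admin-or-authenticate-admin").encode()
EDITED = TEMPLATE.format(rule="hypothetical-relaxed-rule").encode()

def load_rights(data):
    """Return the 'rights' dictionary of an authorization plist."""
    return plistlib.loads(data).get("rights", {})

def policy(entry):
    """Fields that decide who is granted a right; comments are ignored."""
    return {k: v for k, v in entry.items() if k != "comment"}

def changed_rights(baseline, current):
    """Map right name -> (old, new) policy for every right that differs."""
    old, new = load_rights(baseline), load_rights(current)
    report = {}
    for name in sorted(set(old) | set(new)):
        before = policy(old[name]) if name in old else None
        after = policy(new[name]) if name in new else None
        if before != after:
            report[name] = (before, after)
    return report

def rights_sharing_rule(data, rule):
    """Rights that reference one named rule; editing that rule affects all."""
    return sorted(n for n, e in load_rights(data).items() if e.get("rule") == rule)

if __name__ == "__main__":
    for name, (before, after) in changed_rights(BASELINE, EDITED).items():
        print(name, before, "->", after)
    print(rights_sharing_rule(BASELINE, "root-or-admin-or-authenticate-admin"))
```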

Release Candidate Programs Tester

AFAIK, Admin access is required for:

  • Find My Mac/Back To My Mac
  • Adding AppleID to user account

Photo stream, document saving to iCloud & bookmark syncing do not require admin credentials.

Tbh, I'm quite happy with that... The AppleID password reset will not work if you have a directory service & it also stops a disgruntled employee from remotely wiping a Mac after they have left the company.

New Contributor III

Yes, makes sense.. BYOD is the way to go with Apple from here on out.. honestly thinking about making all users admins next year with network Time Machine backups and an AD directory server... easier to manage... scrap the portable homes and MCX lock down.. think BYOD with support and direction with configuration profiles..