Local users and other users showing on login window

New Contributor

Hi all,

I recently wiped and re-added some of our lab computers to the JSS using Recon. I pushed out a login/logout configuration profile so that a username and password login screen would show for our users. We use Active Directory.

Instead, I am seeing our local accounts and an "other" option on the login screen, with the other option being a blank username and password login, and sometimes the other option isn't there.

Is there a reason it would be showing like this even though it's not even an option for configuration profiles? Any tips on how to fix it?



New Contributor III

You could try a policy with the following in a script:

defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true

In regards to why the Config Profile isn't doing it.. is it showing in the 'Profiles' section in System Prefs?

Contributor II

@kpeake We have experienced this exact anomaly in our environment when the device has not joined AD during imaging. If the AD bind fails, the config profile applies itself but the logon screen shows as your screenshot does. If the bind is successful the logon screen looks as we have designed/configured.

Honored Contributor II
Honored Contributor II

The option in the login window configuration profile payload should apply even if the Mac isn't bound to AD. The "other" option appears when the Mac successfully connects to AD, which isn't always instant.

The possible causes would be the config profile not applying to the computer (check in System Preferences > Profiles), or two or more conflicting profiles trying to manage the login window.

As @Adminham mentions, you could drop the config profile method entirely and just use the defaults write script instead, but from what I've seen, the config profile method has worked ok.

New Contributor

Thanks all! @Adminham Thank you for the script!

@davidacland Thanks for the information about the other option appearing when the Mac connects to AD; I think you're right, it wasn't instant and caused the error.

It looks like they have two configuration profiles under System Preferences > Profiles that are setting the login window (a standard login/logout congif sent to all labs, and a config scoped to just this particular lab). Is there anyway to remove the configuration profiles from the machines?