Locked User Accounts
Posted on 04-28-2023 12:20 AM
Hi all,
I have a question about locked user accounts. Is it possible to deny complete access to a MacBook after the user has been locked in Microsoft Azure? We recently had a case where a user was locked out but still had access to his MacBook through his "local account".
Is this possible or do we always have to click on Lock Computer in Jamf?

Posted on 04-28-2023 02:20 AM
If the Mac has a local account, by definition it isn't using your domain services, so unfortunately yes, you would need to lock the machine or use code: "pwpolicy -u $username disableuser"
Posted on 04-28-2023 04:27 AM
The Mac is in our remote management so there should be no local account. Is there another solution then?

04-28-2023 06:29 AM - edited 04-28-2023 06:29 AM
In more detail:
If the Mac is still checking in with Jamf, then you can create a policy to run the command I mentioned above; you can even force a logout.
Create a new policy - give it a name like lock login session, set trigger to Recurring Check-in, Frequency Once per computer
Files and Processes
Execute Command - "pwpolicy -u $username disableuser; killall loginwindow" where $username is the login of the user you want to disable.
Scope this policy to the Mac
Or more simply lock the Mac with the MDM command...
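
A script form of the policy command described in the reply above, as an added example that is not part of the original posts. It assumes the target short name is supplied as Jamf script parameter 4; the function names `valid_name`, `console_user` and `lock_user` are made up for this example. It rejects malformed names, refuses to touch root, checks that the account exists, and only restarts `loginwindow` when the disabled user owns the console session.

```shell
#!/bin/sh
# Added example: disable a local macOS account and end its login session.
# Assumption: Jamf passes the target short name as script parameter 4.

# Accept only plain short names so the value cannot be read as an option
# or carry shell metacharacters.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Owner of /dev/console is the user at the login window session.
console_user() {
    stat -f%Su /dev/console
}

lock_user() {
    user="$1"
    valid_name "$user" || { echo "invalid user name" >&2; return 2; }
    [ "$user" != "root" ] || { echo "refusing to disable root" >&2; return 2; }
    id "$user" >/dev/null 2>&1 || { echo "no such local user: $user" >&2; return 3; }

    # Same command as in the thread, with the name quoted.
    pwpolicy -u "$user" disableuser || return 4

    # Force a logout only if the disabled user is the one logged in,
    # so another user's session is not interrupted.
    if [ "$(console_user)" = "$user" ]; then
        killall loginwindow
    fi
    return 0
}

# Run only when a target was supplied as parameter 4.
if [ -n "${4:-}" ]; then
    lock_user "$4"
fi
```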
