Prevent iCloud Keychain local items folder from recreating


Hi All,

Just wanting to bounce this around the community to see if anyone can riddle me this.
I want to prevent the creation of the iCloud keychain folder that appears in the user library under ~/Library/Keychains/ as a folder named with the machine UUID (the Local Items keychain).

As we operate in an AD environment that forces users to change their password every three months, we are getting numerous tasks to do with the keychain pop-ups requesting an update of the Local Items keychain pertaining to iCloud Keychain.
We have iCloud locked down and as far as I am aware no user has iCloud enabled. Still the OS insists on creating the folder in the user's Keychains folder. Users can't be relied upon to enter their previous password to update the Local Items keychain, and even if they do, sometimes it doesn't work.

I have been going through numerous launch agents, frameworks etc. that could be responsible for creating this folder in the user's Keychains folder, but am not coming up with anything.
iCloud Keychain is an enterprise abomination and I'd like to be able to control it with a little more vigour than having to delete the iCloud login keychain folder and reboot for it to recreate and sync for every user who comes up against it.

Has anyone been down this path that could enlighten me?




This is driving us crazy too. We're in the same boat; on AD with a 90-day cycle.
No solution, but the work-around for us is to put a Self Service utility in place that users can run after every password change that wipes the Local Items junk, preserves their login keychain, then reboots to make a new empty default Local Items keychain. Ugly, but it seems to be working.


# Discard any backup left from a previous run, then set the whole Keychains folder aside
rm -fdR ~/Library/Keychains.old
mv -f ~/Library/Keychains ~/Library/Keychains.old
# Recreate it with mode 700 (the macOS default); 777 would leave every keychain file world-writable
mkdir -m 700 ~/Library/Keychains
# Restore only the login keychain; the OS recreates an empty Local Items keychain on next login
mv ~/Library/Keychains.old/login.keychain ~/Library/Keychains/login.keychain

  • Scott Beach
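The same reset as an added example (not Scott's script or anything from Apple): it locates the UUID-named Local Items folder by pattern, keeps a timestamped backup instead of deleting the previous one, recreates the folder with mode 700, and refuses to run if login.keychain is not where it expects. It takes the Keychains directory as a parameter so it can be exercised against a scratch copy first; the UUID layout and the login.keychain filename are assumed from the thread.

```shell
#!/bin/sh
# Added example: reset the Local Items keychain folder while keeping login.keychain.
# Assumes the Local Items keychain lives in a folder named with the machine UUID
# (8-4-4-4-12 hex) and the login keychain file is named login.keychain.

# Print the names of UUID-shaped folders directly under the given Keychains dir.
find_local_items_dirs() {
  kc_dir="$1"
  for d in "$kc_dir"/*/; do
    [ -d "$d" ] || continue
    name=$(basename "$d")
    if printf '%s\n' "$name" | grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'; then
      printf '%s\n' "$name"
    fi
  done
}

# Move the whole Keychains dir to a timestamped backup (nothing is rm'd),
# recreate it with the macOS default mode 700, and put login.keychain back.
# The OS creates a fresh empty Local Items keychain at next login.
# Prints the backup path so the operator can find the old data.
reset_local_items() {
  kc_dir="$1"
  [ -d "$kc_dir" ] || { echo "no such directory: $kc_dir" >&2; return 1; }
  [ -f "$kc_dir/login.keychain" ] || { echo "login.keychain missing, refusing to reset" >&2; return 1; }
  backup="${kc_dir}.bak.$(date +%Y%m%d%H%M%S)"
  mv "$kc_dir" "$backup" || return 1
  mkdir -m 700 "$kc_dir" || return 1
  mv "$backup/login.keychain" "$kc_dir/login.keychain" || return 1
  printf '%s\n' "$backup"
}

# Usage against the real location: reset_local_items "$HOME/Library/Keychains"
```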