Jamf Nation Community

donmontalvo · ‎04-18-2012

Mac has 10 partitions. I know I logged in using my AD account on partition #4.

So I image partition #5, and I get this prompt when it's done imaging.

How do we prevent this prompt from coming up? AD binding settings do not prompt for user account to be created locally...this seems to be "finding" other accounts on other partitions that are in AD and prompting to allow?!

external image link

--
https://donmontalvo.com

rtrouton · ‎04-18-2012

Here's the defaults command to disable:

sudo defaults write /Library/Preferences/com.apple.loginwindow EnableExternalAccounts -bool false

View solution in original post

gregneagle · ‎04-18-2012

" Curious though, when I run defaults read on the same command I get "0" instead of "False". Is this normal for these kinds of defaults commands?"

Yes.

defaults read-type /Library/Preferences/com.apple.loginwindow EnableExternalAccounts

will tell you the type of the key; you can't tell from the value.
"0" could be the string "0", an integer value of 0, or boolean False.

View solution in original post

donmontalvo · ‎04-18-2012

Great...when I try to respond to the prompt I get an authentication prompt. Definitely not something we want non-admin users running multiple partition Macs to get...

OY!

Don

external image link

--
https://donmontalvo.com

Matt · ‎04-18-2012

I would love to remove that as well! When people have home folders on externals it asks this and can confuse the clients and our techs. Maybe an MCX????

rtrouton · ‎04-18-2012

Here's the defaults command to disable:

sudo defaults write /Library/Preferences/com.apple.loginwindow EnableExternalAccounts -bool false

Matt · ‎04-18-2012

external image link

donmontalvo · ‎04-18-2012

@rtrouton You rock! I'll add this as a script to run on first reboot.

--
https://donmontalvo.com

Matt · ‎04-18-2012

Just added this as an MCX. Works perfectly!

nessts · ‎04-18-2012

are you sure new AD users can login now?

Matt · ‎04-18-2012

I didn't test with AD only with Non AD users. Let me see.

donmontalvo · ‎04-18-2012

@rtrouton I added the command as a "run at boot" script at imaging time and it works fine. No more prompt, and I was able to log in using my domain credentials. Curious though, when I run defaults read on the same command I get "0" instead of "False". Is this normal for these kinds of defaults commands?

Don

--
https://donmontalvo.com

gregneagle · ‎04-18-2012

" Curious though, when I run defaults read on the same command I get "0" instead of "False". Is this normal for these kinds of defaults commands?"

Yes.

defaults read-type /Library/Preferences/com.apple.loginwindow EnableExternalAccounts

will tell you the type of the key; you can't tell from the value.
"0" could be the string "0", an integer value of 0, or boolean False.

donmontalvo · ‎04-18-2012

@gregneagle That's good to know...let me know if these kinds of tidbits are in your (and Ed's) MCX book; if so I'm happy to grab a copy. Clearly there's stuff left for us to learn. ;)

http://www.amazon.com/Enterprise-Managed-Preferences-Edward-Marczak/dp/1430229373

--
https://donmontalvo.com

gregneagle · ‎04-18-2012

The defaults command is covered on pages 40-42, and yes, determining the type of a value using `defaults read-type` is covered as well.

But you can also just read the output of `man defaults`.

donmontalvo · ‎04-19-2012

Well that sucks...so now that we don't get a prompt, I'm finding that when I boot into partition #4 using my domain credentials, the Mac automagically uses the home directory on partition #5.

Make it stop! :)

--
https://donmontalvo.com

Jamf Nation Community

Prompted after imaging (Lion, multiple partitions)