We had some abuse of the Messages app here and decided to restrict it from running via a software restriction policy. This policy works fine, in that if you try to launch Messages, you just get a notice that it's been disabled. However, the students, enterprising as they are, have found a way around that. If you make a contact (in the standard "contacts" window) with an email address, the option is there to send that contact a message. It opens up a small Messages window which you can use to send a quick message. If you wait too long, the software restriction policy will kick it out, so you have to be quick.
Once the student on the other end receives the message, they get notified that they have a new message, but can't read it because they can't open Messages. This process also generates a ton of notifications about Messages being blocked.
What I'd like to do is remove their iTunes account from the configuration, because if there's no account configured, they can't open Messages to add one, and it won't let them send the message. Obviously they had all set up their accounts prior to the restriction policy being in place. Is there a way for me to "unconfigure" iMessage via a policy or script? I can't just remove the entire app since it's baked in to OS X.
@bentoms They're signed in to Messenger, which I believe stores its data in iCloud. However, I don't think you have to have a full iCloud sign-in for it to work. It just prompts you to sign in to Messages when you first open it. On my test machine, I'm signed in to Messages, but when I go to the iCloud settings in System Preferences, it prompts me to sign in as if it's not set up.
Pretty sure SIP is stopping the wipe.
I was hoping you could block them from iCloud to resolve this, but doesn't sound like it will.
Also, as this is some of the messages API'a being accessed via Mail.. this is why the blocks aren't working.
Hmm.. I wonder if they is something in the mail.app that could disable this functionality.
@bentoms Could I possibly do something with editing the keychain? Disabling and enabling the account in Messages results in 3 keychain entries being modified:
All 3 have a type of "Application password"
EDIT - deleting com.apple.facetime: registrationV1 resulted in the account being broken within Messages (oddly enough, it continues to work for Facetime). If you try to send a message through the contacts, it says that it failed to send and gives you the option to open the Messages app to fix it (which obviously doesn't work due to the software restriction). It doesn't seem to completely remove the account... it just forgets the password.
@bentoms Crap, I was hoping that the keychain would be an easy fix. I can see why they wouldn't want it edited remotely, though.
I don't think it cares to see who is around. I can put any email address in and it will try to send the message whether they're nearby or not.
I might see if my Jamf guy has any thoughts on it... Just wish I would've restricted the stupid thing from the start.