Remove Messages account via policy or script

What about changing the rights/ownership on the app, then have an EA for detecting when that changes and reapply the restriction?

@andrew.nicholas I'm guessing that SIP might stop that.

@nadams Are they signed into iCloud on the Macs then?

@bentoms They're signed in to Messenger, which I believe stores its data in iCloud. However, I don't think you have to have a full iCloud sign-in for it to work. It just prompts you to sign in to Messages when you first open it. On my test machine, I'm signed in to Messages, but when I go to the iCloud settings in System Preferences, it prompts me to sign in as if it's not set up.

One option is to delete the Messages app of their computer.

@elund It's built into the OS... deleting it has the potential to cause a lot of problems.

Just for giggles, I set up a software restriction policy that was set to delete the app after detection, and it didn't work on my test machine.

Pretty sure SIP is stopping the wipe.

I was hoping you could block them from iCloud to resolve this, but doesn't sound like it will.

Also, as this is some of the messages API'a being accessed via Mail.. this is why the blocks aren't working.

Hmm.. I wonder if they is something in the mail.app that could disable this functionality.

@nadams Yes, that could lead to problems. I had one student machine that I deleted it from last year without any ill effects reported.

@bentoms Could I possibly do something with editing the keychain? Disabling and enabling the account in Messages results in 3 keychain entries being modified:

ids: message-protection-public-data-registered
com.apple.facetime: registrationV1
ids: personal-public-key-cache

All 3 have a type of "Application password"

EDIT - deleting com.apple.facetime: registrationV1 resulted in the account being broken within Messages (oddly enough, it continues to work for Facetime). If you try to send a message through the contacts, it says that it failed to send and gives you the option to open the Messages app to fix it (which obviously doesn't work due to the software restriction). It doesn't seem to completely remove the account... it just forgets the password.

@nadams Apple are locking down the KeyChain more & more from a remote changing perspective.

So I'd probably not go down that route.

Is messages using Bonjour to see whom is around? Perhaps disabling bonjor will stop this too.

@bentoms Crap, I was hoping that the keychain would be an easy fix. I can see why they wouldn't want it edited remotely, though.

I don't think it cares to see who is around. I can put any email address in and it will try to send the message whether they're nearby or not.

I might see if my Jamf guy has any thoughts on it... Just wish I would've restricted the stupid thing from the start.