Help

Self Deleting Mac Account

danielbaxley
New Contributor

Posted on ‎02-26-2024 11:58 AM

Hi! I've been asked to create a configuration/policy/etc that allows full access to the Mac, but also deletes all stored files upon logout and becomes a fresh OS install. Guest Mode only allows access to safari, which is insufficient for our needs. I've been looking around online for a while but perhaps I just don't know the correct search terminology. 

Anyone created a policy like this before that creates an account on the Mac that wipes itself of stored files and cookies etc when you log out of it?

 

0 Kudos
Reply
5 REPLIES 5

jamf-42
Valued Contributor II

‎02-26-2024 01:00 PM - edited ‎02-26-2024 01:22 PM

on reboot.. you can bin the account via policy and on startup create account and add a policy on logout to reboot.. 

0 Kudos
Reply

AJPinto
Honored Contributor III

Posted on ‎02-27-2024 05:01 AM

This is not really what macOS is designed to do. You can delete the user profile on logout with some crafty scripts, but there is no way to ensure that all files created by that account are deleted and certainly no way tell macOS to reinstall itself contently with a MDM. Your best option may be something like deep freeze Reboot Restore Software for Mac OSX | Deep Freeze for Mac (faronics.com).

0 Kudos
Reply

scottb
Honored Contributor

Posted on ‎02-27-2024 12:44 PM

Maybe there's a way to trigger an EACS at logout, but that seems like a lot of effort.

 

0 Kudos
Reply

roiegat
Contributor III

Posted on ‎02-28-2024 05:58 AM

My question is who's running the policy and from what machine?  Since the machine needs to be fresh after reboot, you can't really run the policy on there.  So you would have to be able to run the policy from another machine via self service, and maybe input the computer name to it to create the account.

Creating the account can be done either via policy or a script...depends on how fancy you want to get with it.

Then on logout just run another script to delete the user.


 

0 Kudos
Reply

easyedc
Valued Contributor II

Posted on ‎02-29-2024 06:15 AM

LLLOOOONNNNGGG ago I know that a certain retail store that sold may apple products used DeepFreeze for all their demo devices on the sale floor.  it's been nearly 15 years since I worked there, but I still assume that's how they manage those devices.  However I think DeepFreeze still requires a reboot to perform it's clean.  

 

What you're essentially asking for is a containered experience, which isn't really anything I've ever been able to accomplish through native/Jamf tools.  Short of running a VM in full screen and restoring a snapshot on log out I don't think you'll find a great solution. 

0 Kudos
Reply