Jamf Nation Community

Fluffy · ‎12-17-2021

We have a couple of mobile carts of MacBooks we occasionally loan out for testing or staff development days. Users will often leave online accounts signed in or have documents left in the folders. I have been seeking a way to clean up the devices without having to personally check for signed in Google accounts or downloaded files.

The first step was to enable Guest User. Upon logging out, all files are erased. This has taken care of the biggest hurdle. Then, I have been looking for a way to automate it. There are bound to be MacBooks that have not been logged out of, which would mean they would still have to be checked upon return.

I have independently tried the "Log out users after a certain time of inactivity" under Login Window and a script to automatically shutdown. Neither are suitable for this scenario, as I am using Guest User and these are MacBooks. Guest User has no log out timer and closing the MacBook will make scripting difficult.

These carts will not be sent out often, so logging them out upon return is something I can settle for. But if anyone has an alternative, it would be much appreciated. Thank you.

YanW · ‎12-17-2021

I use to run the script gotten from HERE, and it worked pretty well. That was 2 years ago, not sure if it will work on the new macOS or if that is what you need.

Fluffy · ‎12-20-2021

With a lot of learning moments and a couple of tweaks, I was able to get it deployed and running without any error codes. Sadly, either I missed something or the code no longer works. Whether I am logged in as Guest or another user, the log states that no one is logged in and therefore does not force logout.

I will have to shelve this for a later date, but was very useful. Thank you.

Fluffy · ‎12-22-2021

Couldn't drop it and came back to it. I changed the LaunchDaemon to a LaunchAgent with a shorter StartIntervals and is placed by a post install script. I moved the script from /bin to /usr/local/bin and removed the check for a logged in user.

Post install script to place LaunchAgent :

#!/bin/bash

cat << EOF > /Library/LaunchAgents/com.apple.forcelogout.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.forcelogout</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/forcelogout.sh</string>
    </array>
    <key>StartInterval</key>
    <integer>15</integer>
</dict>
</plist>
EOF

chmod 644 /Library/LaunchAgents/com.apple.forcelogout.plist
chown root:wheel /Library/LaunchAgents/com.apple.forcelogout.plist

/bin/launchctl load /Library/LaunchAgents/com.apple.forcelogout.plist

Script packaged to be placed in /usr/local/bin named forcelogout.sh :

#!/bin/bash

log="/Library/Logs/Auto_Logout/Auto_Logout.log"

function writelog () {
    DATE=$(date +%Y-%m-%d\ %H:%M:%S)
    /bin/echo "${1}"
    /bin/echo "$DATE" " $1" >> "$log"
}

mkdir -p /Library/Logs/Auto_Logout

lidClosed=$(ioreg -r -k AppleClamshellState -d 4 | grep AppleClamshellState | head -1 | awk '{print $NF}')
if [[ "$lidClosed" == "Yes" ]]; then
	writelog "Lid has been closed while still logged in; logging out."
    osascript -e 'tell application "loginwindow" to  «event aevtrlgo»'
    rm -r /Users/Guest
else
    writelog "Lid is not closed; exiting."
fi

exit 0

steepndeep · ‎09-16-2022

I was able to package the script and run the post install and it looks like everything is in the right place (I've confirmed that the plist is in LaunchAgents and the script is in usr/local/bin), however when I close the lid, nothing happens. Any thoughts? I'm logged in as an AD authenticated user. I'm running OSX 12.4

Jamf Nation Community

Inactivity/Idle Alternative to Log Out