Posted on 12-17-2021 07:56 AM
We have a couple of mobile carts of MacBooks we occasionally loan out for testing or staff development days. Users will often leave online accounts signed in or have documents left in the folders. I have been seeking a way to clean up the devices without having to personally check for signed in Google accounts or downloaded files.
The first step was to enable Guest User. Upon logging out, all files are erased. This has taken care of the biggest hurdle. Then, I have been looking for a way to automate it. There are bound to be MacBooks that have not been logged out of, which would mean they would still have to be checked upon return.
I have independently tried the "Log out users after a certain time of inactivity" under Login Window and a script to automatically shutdown. Neither are suitable for this scenario, as I am using Guest User and these are MacBooks. Guest User has no log out timer and closing the MacBook will make scripting difficult.
These carts will not be sent out often, so logging them out upon return is something I can settle for. But if anyone has an alternative, it would be much appreciated. Thank you.
Posted on 12-17-2021 08:41 AM
I use to run the script gotten from HERE, and it worked pretty well. That was 2 years ago, not sure if it will work on the new macOS or if that is what you need.
Posted on 12-20-2021 01:52 PM
With a lot of learning moments and a couple of tweaks, I was able to get it deployed and running without any error codes. Sadly, either I missed something or the code no longer works. Whether I am logged in as Guest or another user, the log states that no one is logged in and therefore does not force logout.
I will have to shelve this for a later date, but was very useful. Thank you.
12-22-2021 11:52 AM - edited 12-22-2021 11:54 AM
Couldn't drop it and came back to it. I changed the LaunchDaemon to a LaunchAgent with a shorter StartIntervals and is placed by a post install script. I moved the script from /bin to /usr/local/bin and removed the check for a logged in user.
Post install script to place LaunchAgent :
#!/bin/bash
cat << EOF > /Library/LaunchAgents/com.apple.forcelogout.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.forcelogout</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/forcelogout.sh</string>
</array>
<key>StartInterval</key>
<integer>15</integer>
</dict>
</plist>
EOF
chmod 644 /Library/LaunchAgents/com.apple.forcelogout.plist
chown root:wheel /Library/LaunchAgents/com.apple.forcelogout.plist
/bin/launchctl load /Library/LaunchAgents/com.apple.forcelogout.plist
Script packaged to be placed in /usr/local/bin named forcelogout.sh :
#!/bin/bash
log="/Library/Logs/Auto_Logout/Auto_Logout.log"
function writelog () {
DATE=$(date +%Y-%m-%d\ %H:%M:%S)
/bin/echo "${1}"
/bin/echo "$DATE" " $1" >> "$log"
}
mkdir -p /Library/Logs/Auto_Logout
lidClosed=$(ioreg -r -k AppleClamshellState -d 4 | grep AppleClamshellState | head -1 | awk '{print $NF}')
if [[ "$lidClosed" == "Yes" ]]; then
writelog "Lid has been closed while still logged in; logging out."
osascript -e 'tell application "loginwindow" to «event aevtrlgo»'
rm -r /Users/Guest
else
writelog "Lid is not closed; exiting."
fi
exit 0
Posted on 09-16-2022 06:53 AM
I was able to package the script and run the post install and it looks like everything is in the right place (I've confirmed that the plist is in LaunchAgents and the script is in usr/local/bin), however when I close the lid, nothing happens. Any thoughts? I'm logged in as an AD authenticated user. I'm running OSX 12.4