Lock a Mac user out of Filevault
Hi guys,
I have a script that would lock the user out of Filevault, then force a shutdown. When the user tries powering on the Mac their login icon won't be there anymore and they won't be able to login to the Mac at all. The use case for this is remote departures where we want to remove access from the user entirely. I know this should be done with an MDM, we're working on it, in the meantime I figured this is a good way to lock the Mac.
I have this as an online shell script, however because Kace runs these scripts as root, the (id -un) command grabs the root user instead of the logged on user.
Questions:
1. Has anybody been able to do this on a Mac using a Kace script?
2. Is there a way to get this type of logged on user result with a Kace script considering it's run as root?
Here's the script:
#!/bin/sh\
user=$(/usr/bin/id -un)
echo $user
sudo /usr/bin/fdesetup remove -user $user
sudo /sbin/shutdown -h
Thanks,
Ben
Answers (0)
Be the first to answer this question
I tried this in online shell, offline kscript, and an MI, all results are the that it's run as root. - bens401 4 years ago