Lock a Mac user out of Filevault

Hi guys,

I have a script that would lock the user out of Filevault, then force a shutdown. When the user tries powering on the Mac their login icon won't be there anymore and they won't be able to login to the Mac at all. The use case for this is remote departures where we want to remove access from the user entirely. I know this should be done with an MDM, we're working on it, in the meantime I figured this is a good way to lock the Mac.

I have this as an online shell script, however because Kace runs these scripts as root, the (id -un) command grabs the root user instead of the logged on user.


1. Has anybody been able to do this on a Mac using a Kace script?

2. Is there a way to get this type of logged on user result with a Kace script considering it's run as root?

Here's the script:


user=$(/usr/bin/id -un)

echo $user

sudo /usr/bin/fdesetup remove -user $user

sudo /sbin/shutdown -h


2 Comments   [ + ] Show comments
  • Ben, can you not just put your script in a file and then attach it to a Kscript and run it? - Hobbsy 12 months ago
  • I'll try that, Hobbsy, thanks.

    I tried this in online shell, offline kscript, and an MI, all results are the that it's run as root. - bens401 12 months ago

Answers (0)

Be the first to answer this question

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ