Lock a Mac user out of Filevault
I have a script that would lock the user out of Filevault, then force a shutdown. When the user tries powering on the Mac their login icon won't be there anymore and they won't be able to login to the Mac at all. The use case for this is remote departures where we want to remove access from the user entirely. I know this should be done with an MDM, we're working on it, in the meantime I figured this is a good way to lock the Mac.
I have this as an online shell script, however because Kace runs these scripts as root, the (id -un) command grabs the root user instead of the logged on user.
1. Has anybody been able to do this on a Mac using a Kace script?
2. Is there a way to get this type of logged on user result with a Kace script considering it's run as root?
Here's the script:
sudo /usr/bin/fdesetup remove -user $user
sudo /sbin/shutdown -h
Be the first to answer this question