Loginwindow ¶

Template

The com.apple.loginwindow payload, which is actually a different piece of code to the loginwindow payload, controls the loginwindow display.

Profile Manager only displays a fraction of the keys that may actually be used.

Contents

Summary ¶

Supervised Only:
PayloadType:	com.apple.loginwindow
	N/A
macOS:	N/A
macOS Deprecated:
	N/A
iOS:	N/A
iOS Deprecated:	N/A
Highlander:	N/A

Keys ¶

SHOWFULLNAME ¶

Display Mode

Set the login window to display name and password text boxes for user login or a list of users. Set to “True” to display username and password text boxes. Set to “False” to display a list of users.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

HideLocalUsers ¶

Hide Local Users

When showing a user list, set to true to show only network and system users.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

IncludeNetworkUser ¶

Show Network Accounts

Set the login window to show network accounts. Display mode must be set to display “List of Users” for this preference to take effect. Set to “True” to set the preference.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

HideAdminUsers ¶

Hide Admin Accounts

Set the login window to hide admin accounts. Display mode must be set to display “List of Users” for this preference to take effect. Set to “True” to set the preference.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

SHOWOTHERUSERS_MANAGED ¶

Hide Other Accounts

Set the login window to hide the option to login as “other” account. Display mode must be set to display “List of Users” for this preference to take effect. Set to “False” to set the preference.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	False	N/A	N/A	N/A	N/A	N/A

AdminHostInfo ¶

Heading

Set the default heading of the Login Window. Example values include: “HostName”, “SystemVersion”, “SystemBuild”, “SerialNumber”, “IPAddress”, “DSStatus”, “Time”.

Type	Default	Required	Regex	iOS	macOS	Supervised
string	HostName	N/A	N/A	N/A	N/A	N/A

AllowList ¶

Allowed Users or Groups

User or group GUIDs of users that are allowed to log in. An asterisk ‘*’ string specifies all users or groups.

Type	Default	Required	Regex	iOS	macOS	Supervised
array	N/A	N/A	N/A	N/A	N/A	N/A

DenyList ¶

Denied Users or Groups

User or group GUIDs of users that cannot log in. This list takes priority over the list in the AllowList key.

Type	Default	Required	Regex	iOS	macOS	Supervised
array	N/A	N/A	N/A	N/A	N/A	N/A

HideMobileAccounts ¶

Hide Mobile Accounts

If set to true, mobile account users will not be visible in a user list. In some cases mobile users will show up as network users.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

ShutDownDisabled ¶

Hide Shut Down Button

If set to true, the Shut Down button item will be hidden.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

RestartDisabled ¶

Hide Restart Button

Set the option to hide the Restart button from the login window. Set to “True” to set the preference.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

SleepDisabled ¶

Hide Sleep Button

If set to true, the Sleep button item will be hidden.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

DisableConsoleAccess ¶

Disable Console Access

Disables the ability for a user to access the console by typing “>console” for a username at the login window. Set to “True” to set the preference.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

LoginwindowText ¶

Login Window Text

Text to display in the login window.

Type	Default	Required	Regex	iOS	macOS	Supervised
string	N/A	N/A	N/A	N/A	N/A	N/A

ShutDownDisabledWhileLoggedIn ¶

Disable Shutdown Apple Menu Item

Disables the “Shutdown” option when users are logged in. Set to “True” to set the preference.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

RestartDisabledWhileLoggedIn ¶

Disable Restart Apple Menu Item

Disables the “Restart” option when users are logged in. Set to “True” to set the preference.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

PowerOffDisabledWhileLoggedIn ¶

Disable Power Off Apple Menu Item

If set to true, the Power Off menu item will be disabled when the user is logged in.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

DisableLoginItemsSuppression ¶

Disable Login Items Suppression

If set to true, the user is prevented from disabling login item launching using the Shift key.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	N/A	N/A	N/A	N/A	N/A	N/A

DisableFDEAutoLogin ¶

Disable automatic login

Disable automatic login if FileVault is enabled, so that both an EFI Login and loginwindow password are required

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	N/A	N/A	N/A	N/A	N/A	N/A

LogOutDisabledWhileLoggedIn ¶

Disable Log Out menu item

If set to true, disables the Log Out... menu item when logged in

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	N/A	N/A	N/A	N/A	10.13	N/A

DisableScreenLockImmediate ¶

Disable immediate screen lock

If set to true, disables the immediate screen lock functions.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	N/A	N/A	N/A	N/A	10.13	N/A

Untested ¶

RetriesUntilHint
com.apple.login.mcx.DisableAutoLoginClient
UseComputerNameForComputerRecordName
EnableExternalAccounts
LocalUserLoginEnabled
LocalUsersHaveWorkgroups
FlattenUserWorkgroups
CombineUserWorkgroups