In my environment we have the require password after sleep or screen saver begins enabled.
This prevents anyone from walking up to a machine that may be asleep or in screen saver mode and then using that machine and having access to the previous users data.
This is all fine, however there are often times when a user has forgotten to log out and left the machine in sleep or screensaver mode and gone home. A typical example of this is in computer lab environments.
When the machine is woken up, the only option is to enter the currently logged in users password to unlock the machine, or hit the cancel button which either puts the machine back to sleep or screen saver. If a user or administrator wanted to shutdown/restart or log in to this machine as another user, this would not be possible.
For example, here we have a screen shot of a machine that has the require password after sleep or screen saver set. When the machine is woken up the user is presented with only the option to cancel or enter the users password. There is no option to enter an admin password to over ride. There is also no option to shutdown or restart. A hard shutdown is required if the user can not enter their password.
Enter Fast User Switching.
Fast user switching has been around for a long time and is very useful. It allows you to switch currently logged in users without having to log out. You can also shutdown or restart the machine even when another user is logged in. Great for lab machines where a user has forgotten to log off.
For example, here is a picture of the same machine as above, this time with Fast User Switching enabled. As you can see we now have the option to switch user.
Enabling Fast User Switching is pretty easy, you simple click the check box in system preferences.
The down side of this is that by default it add the fast user switching menu item to the menu bar of all users. This might not be desirable in your environment, it certainly isn’t in mine.
So I needed a way to programatically enable Fast User Switching and also disable the Fast User Switching menu item.
Configuration Profiles to the rescue!
The preference domain that controls Fast User Switching is
.GlobalPreferences. We can easily manage this by setting the
MultipleSessionEnabled key to
This can be achieved with a configuration profile like this
Now we just need to remove the menu item that pops up in every users menu bar.
This can be controlled by using a configuration profile that manages the
com.apple.mcxMenueExtras preference domain. By setting the
User.menu key to
User.menu is the name of the Fast User Switching Menu Item (Found in
Below is a configuration profile that ensures this menu item is not visible.
By installing both of these configuration profiles on our machines, I was able to enable FUS, but make sure that the menu item was not visible to our users. Win Win!