Disabling the Guest User account on macOS prevents unauthenticated access to managed devices. When Guest User is enabled, anyone with physical access to the device can log in without credentials and browse files, use apps, and access the internet. This setting is configured via the Login Window Device Setting and applies to macOS only.
How to Disable the Guest User Account
- Navigate to Catalog > Device Settings and click New.
- Select Login Window from the profile list.
- Enter a Payload Name to identify the profile.
- Click the Options tab.
Check the outer box next to Allow Guest User to include the key in the profile, then make sure the inner Allow Guest User checkbox is unchecked (disabled).
- Click Create Profile, then assign it to the appropriate policy and deploy.
Note: The outer checkbox (Include) adds the setting to the profile. The inner checkbox controls whether Guest User is allowed. To disable Guest User, the outer box must be checked and the inner box must be unchecked.