Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Add DisableFDEAutoLogin to Login Window payload

This option prevents the user that decrypted FileVault from automatically logging in, a feature which ignores loginwindow's general "Disable automatic login" ( setting.
This setting is desirable for admins dealing with SmartCard logins which FDEAutoLogin bypasses and while it wouldn't be 100% out of place in the SmartCard payload, it is a preference and should probably end up there. It could even appear contextually depending on whether "Disable automatic login" is checked although technically the two can be set independently.


Posted: by bpavlov

This is supported according to this Apple article:

Specifically they say:

To turn off automatic login when FileVault is on, enter this command in Terminal: sudo defaults write /Library/Preferences/ DisableFDEAutoLogin -bool YES

It does not look to be a part of the Configuration Profile Reference guide here:

However, given that the payload is in the reference guide, I'm going to say that this is just another oversight by Apple in not documenting it in their Configuration Profile Reference guide.

Would definitely be good to see Jamf implement this. And for people to also make the request to Apple to get this properly documented so MDM vendors can implement these features.