Disable Root User on Mac OSX
This set of agent procedures will allow you to either Disable the Root account of your endpoints, or enable and change the password of the Root account.
It contains 2 different procedures:
The first one to directly disable the root account, which has been recommended as the safest option if you are not using it and have an Admin account setup on the Mac.
The second procedure enables the account, and set a password. If the account is already enabled, it will only change its password.
Both procedures will prompt for Variables when being scheduled, It will need an Admin username and Admin password in order to have the correct permissions to interact with the Root user. In case of the procedure to enable the admin account, it will also prompt for the Root Password to set.
Here is an Apple article on how to perform the same changes manually: https://support.apple.com/en-us/HT204012
After internal testing, it is recommended to change the password first as it will prevent the use of the "root" account without a password. To this day, on High Sierra, a disabled "root" account will not be able to login to the endpoint but will be able to change settings on "System Preferences"
Mac OSX High Sierra Root Vulnerability Fix has no reviews.
Mac OSX High Sierra Root Vulnerability Fix has no comments.