23816 30517 23815 30506 screen shot 2017 11 28 at 210527 l l

Mac OSX High Sierra Root Vulnerability Fix

Disable Root User on Mac OSX


This set of agent procedures will allow you to either Disable the Root account of your endpoints, or enable and change the password of the Root account.
It contains 2 different procedures:
The first one to directly disable the root account, which has been recommended as the safest option if you are not using it and have an Admin account setup on the Mac.
The second procedure enables the account, and set a password. If the account is already enabled, it will only change its password.
Both procedures will prompt for Variables when being scheduled, It will need an Admin username and Admin password in order to have the correct permissions to interact with the Root user. In case of the procedure to enable the admin account, it will also prompt for the Root Password to set.

Here is an Apple article on how to perform the same changes manually: https://support.apple.com/en-us/HT204012

After internal testing, it is recommended to change the password first as it will prevent the use of the "root" account without a password. To this day, on High Sierra, a disabled "root" account will not be able to login to the endpoint but will be able to change settings on "System Preferences"

  • Name: Douglas Sanchez
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • Contact Developer
  • Summary
  • Mac OSX High Sierra Root Vulnerability Fix
  • Initially Released November 29th, 2017
  • Reviews

    Mac OSX High Sierra Root Vulnerability Fix has no reviews.


    Mac OSX High Sierra Root Vulnerability Fix has no comments.