Catalina - Disable Unattended or Automatic Logon to the System

Information

Automatic logon _MUST_ be disabled.

When automatic logons are enabled, the default user account is automatically logged on at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer and find it already logged in. Disabling automatic logons mitigates this risk.

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.loginwindow:
com.apple.login.mcx.DisableAutoLoginClient:
True

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-6b., 800-53|IA-2, 800-53|IA-5(13), CCE|CCE-84825-9, CCI|CCI-000366, STIG-ID|AOSX-15-002066

Plugin: Unix

Control ID: bc1072d256b97f7b02b347d2fe0c30ed760325af00cc0e02f922b34e4b925290