Script: macOS Disable Find My Mac / Activation Lock Engine

What is the Disable Activation Lock / Find My Mac Engine?

The Activation Lock Script is a shell script ran via MDM policy which has the ability to either:

1. Walk through enforcing the user to toggle or turning off Find My Mac for Activation Lock purposes.

2. Walk through enforcing the user to turn off Find My Mac completely.

3. Walk through enforcing the user to perform a Sign Out of iCloud.

By default, the Activation Lock Script incorporates Mac-friendly open source project IBM Notifier, which is utilized for user-facing notifications, progress bars, pop ups, and instructional videos.

The Activation Lock script is uploaded to the customer’s MDM and run via policy on a set daily schedule. The icon assets are also installed by MDM from a .pkg file. The files installed by the assets .pkg file are referenced and called from the scripts. The script has settings that can be customized and set within the code of the script itself for different runtime options and corporate branding.

The Activation Lock script also supports running without a copy of IBM Notifier or any assets files, and can instead show simple AppleScript dialogues.

Demo of the Activation Lock process:

Initial Activation Lock Window:

Disable Find My Mac workflow also supported:

iCloud Sign Out workflow is also supported:

The engine will enforce via continuous pop-up & reopening of Find My Mac Options if System Settings is closed:

The engine will thank the user when completed:

Sample Code:

Sample .plist configuration file applied via MDM and read via code:

Sample runtime log, stored in MDM:

Full Confluence technical documentation: 

Composer .pkg composition:

Simplicity is prerequisite for reliability.