Information
Fast user switching allows a person to quickly log into the computer with a different account. While only a minimal security risk, when a second user is logged in, that user might be able to see what processes the first user is using, or possibly gain other information about the first user. In a large directory environment where it is difficult to limit login access, many valid users can login to other user's assigned computers.
Rationale:
Fast user switching allows multiple users to run applications simultaneously at console. There can be information disclosed about processes running under a different user. Without a specific configuration to save data and log out, users can have unsaved data running in a background session that is not obvious.
Impact:
When support staff visits a user's computer console, they will not be able to log into their own session if there is an active and locked session.
Solution
Perform the following to disable fast user switching:
Graphical Method:
Open System Preferences
Select Users & Groups
Select Login Options
Uncheck 'Show fast user switching menu as...'
Terminal Method:
Run the following command to turn fast user switching off:
$ sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool false
Profile Method:
Create or edit a configuration profile with the PayloadType of .GlobalPreferences
Add the key MultipleSessionEnabled
Set the key to </false>
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: 331ab706c3661185f7d7fe56048647ad9adc11dd16e83f1f4ea71bdc19be2b9a