5.10 Ensure Fast User Switching Is Disabled


Fast user switching allows a person to quickly log into the computer with a different account. While only a minimal security risk, when a second user is logged in, that user might be able to see what processes the first user is using, or possibly gain other information about the first user. In a large directory environment where it is difficult to limit login access, many valid users can login to other user's assigned computers.


Fast user switching allows multiple users to run applications simultaneously at console. There can be information disclosed about processes running under a different user. Without a specific configuration to save data and log out, users can have unsaved data running in a background session that is not obvious.


When support staff visits a user's computer console, they will not be able to log into their own session if there is an active and locked session.


Perform the following to disable fast user switching:
Graphical Method:

Open System Preferences

Select Users & Groups

Select Login Options

Uncheck 'Show fast user switching menu as...'

Terminal Method:
Run the following command to turn fast user switching off:

$ sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool false

Profile Method:

Create or edit a configuration profile with the PayloadType of .GlobalPreferences

Add the key MultipleSessionEnabled

Set the key to </false>

See Also


Item Details


References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 331ab706c3661185f7d7fe56048647ad9adc11dd16e83f1f4ea71bdc19be2b9a