Information
The automatic login feature saves a user's system access credentials and bypasses the login screen. Instead, the system automatically loads to the user's desktop screen.
Rationale:
Disabling automatic login decreases the likelihood of an unauthorized person gaining access to a system.
Impact:
If automatic login is not disabled, an unauthorized user could gain access to the system without supplying any credentials.
Solution
Graphical Method:
Perform the following steps to set automatic login to off:
Open System Settings
Select Users & Groups
Set Automatic login in as... to Off
Terminal Method:
Run the following command to disable automatic login:
$ /usr/bin/sudo /usr/bin/defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
Profile Method:
Create or edit a configuration profile with the following information:
The PayloadType string is com.apple.loginwindow
The key to include is com.apple.login.mcx.DisableAutoLoginClient
The key must be set to <true/>
Note: If both the profile is enabled and a user is set to autologin, the profile will take precedent. In this case, the graphical or terminal remediation method should also be applied in case the profile is ever removed.