Home > FileVault 2, Mac administration, Mac OS X, macOS, Scripting > Creating multiline login banners

Creating multiline login banners

March 25, 2017 Leave a comment Go to comments

In a number of Mac environments, there is a need or requirement for a login banner (otherwise known as a lock message). This message appears in the following locations:

  • FileVault 2 pre-boot login screen
  • OS login window
  • Screensaver lock window

Brevity is best, as staying within a maximum of three lines permits the banner text to be displayed consistently in all three locations. Exceeding the three-line limit may result in the text being cut off and not fully displayed.

You can set this banner text from the command line using the following defaults command, which should be run with root privileges:

/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "My Login Window Text Goes Here"

LWScreenShot 2017 03 25 at 11 31 14 AM

Being able to consistently set when lines begin and end can be challenging though, as the defaults command is not able to interpret a newline command natively. However, it is possible to set a multi-line login banner and be able to consistently set when lines begin and end. For more details, see below the jump.

To accommodate for the defaults command’s inability to interpret newline commands, you can use the printf utility to format the text of the login banner as designed and store the formatted text as a variable. printf is able to interpret the characters \n as indicating a carriage return, so it is possible to run the following command:

printf "This Mac belongs to John Doe\nPhone number: 1-555-555-1212\nReward offered if found.\n"

To display the following text:

This Mac belongs to John Doe
Phone number: 1-555-555-1212
Reward offered if found.

Screen Shot 2017 03 25 at 11 42 51 AM

In order to set a login banner with this message, you could run a script like the one shown below, using root privileges:

#!/bin/bash

loginbannertext=`printf "This Mac belongs to John Doe\nPhone number: 1-555-555-1212\nReward offered if found."`

# Set login banner

/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$loginbannertext"

The message will appear at the login window,  screensaver lock window, and FileVault 2 login with the desired lines of text beginning and ending as specified.

LWScreenShot 2017 03 25 at 11 55 17 AM

Screen Shot 2017 03 25 at 11 54 25 AM

Screen Shot 2017 03 25 at 12 00 05 PM

Note: If the message does not appear at the FileVault 2 login, you also need to remove certain cache filenames ending in .efires from the following location:

/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations
Categories: FileVault 2, Mac administration, Mac OS X, macOS, Scripting
  1. onemoreadmin
    March 25, 2017 at 6:49 pm
    Reply

    You can also do this with profiles. I dynamically create multiline login banners with Chef/profiles.

    • Brian Meehan
      June 15, 2020 at 5:51 am
      Reply

      I’m curious what your mobileconfig looks like. I have not been able to do this successfully with Cisco Meraki

  2. Todd Ness
    March 27, 2017 at 3:16 pm
    Reply

    you can also create a custom login screen picture which works at the file vault screen.

  3. Jay
    August 14, 2018 at 2:23 pm
    Reply

    how can I make it into a profile?

  4. Mattia
    March 25, 2020 at 7:03 pm
    Reply

    On Catalina, this command is required to clear the EFILoginLocalizations cache:

    sudo diskutil apfs updatePreboot /

    Thank a lot and keep up with the amazing work!

  1. No trackbacks yet.

Leave a comment