UPDATE: Apple released a security update to solve this issue. Please have a look at https://support.apple.com/en-us/HT208315
A security vulnerability was discovered in macOS High Sierra on November 28th that allowed anyone to enable and log into the root account without providing a password. To address this issue until Apple releases an update to fix it, Jamf School created a package that blocks logins to the root account by doing the following:
- Install an app called "High Sierra Root Password Fix.app" in /Applications/Utilities
- Launch the app once. The app does two things:
  - Set the root account's password to a random 32-character string
  - Set the root account's login shell to /usr/bin/false
Using Jamf School you can easily distribute this package to your macOS devices by following the steps below:
Create a Smart Group:
- Go to Devices -> Groups and click on "Add Group".
- Fill in a name, choose "Smart Group" as the type and click on the "Add" button.
- Enter the following rule:
"Operating System" - "equals" - "macOS" - "10.13"
- Click on "Save Scope"
Distribute the package:
- Download the "High Sierra Root Password Fix.pkg"
- In Jamf School, navigate to Apps, click on "Add App" and then click on "Add In-House macOS Package".
- Select the "High Sierra Root Password Fix.pkg" file from your computer.
- Choose the Smart Group you've just created as the scope and click on "Save"
- You're done! The package will be distributed to the macOS devices in scope and the fix described above will be applied.
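To confirm on a device that the two changes the app makes are in place, the following added example (not part of the Jamf School package) reads the root record with `dscl` and reports the result. The function names are illustrative, and it assumes `dscl` prints `Password: *` for an account with no password set.

```shell
#!/bin/sh
# Added example: report whether the root-account fix described above is in place.
# Parsing is kept separate from collection so it can be run on constructed input.

# in_scope VERSION: succeeds for macOS 10.13.x, matching the Smart Group rule.
in_scope() {
    case "$1" in
        10.13|10.13.*) return 0 ;;
        *) return 1 ;;
    esac
}

# attr_value "Key: value": prints the value part of one dscl output line.
attr_value() {
    printf '%s\n' "$1" | sed -n 's/^[A-Za-z]*: *//p' | head -n 1
}

# root_fix_status VERSION USERSHELL_LINE PASSWORD_LINE
# Prints "applied", "not-applicable" or "missing: <reason>".
root_fix_status() {
    in_scope "$1" || { echo "not-applicable"; return 0; }
    shell=$(attr_value "$2")
    marker=$(attr_value "$3")
    if [ "$shell" != "/usr/bin/false" ]; then
        echo "missing: login shell is ${shell:-unknown}"
    elif [ "$marker" = "*" ] || [ -z "$marker" ]; then
        # Assumption: "*" means no password has been set on the account.
        echo "missing: no password set on root"
    else
        echo "applied"
    fi
}

# Live collection, only where the macOS tools exist. This reads attributes
# only; it never attempts to authenticate as root.
if command -v dscl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    root_fix_status "$(sw_vers -productVersion)" \
        "$(dscl . -read /Users/root UserShell 2>/dev/null)" \
        "$(dscl . -read /Users/root Password 2>/dev/null)"
fi
```

The check only reads directory attributes, so it can be run repeatedly on a device without changing the state of the root account.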