
Script to set up a policy banner on Mac

While there are different ways to show customized messages on macOS devices, policy banners are a convenient way to broadcast information across an organization. A policy banner on a Mac is a custom banner that displays specified information to users. It is an effective way of presenting information at the login window, which the user is required to acknowledge before logging in.

This interactive approach can be used to publicize organization-wide policies, agreements, and guidelines. Users must accept the message displayed as the policy banner each time before logging in to the device. This document will help IT administrators set up policy banners on macOS devices using a script. You can deploy it using Hexnode’s Execute Custom Script remote action.

Scripting language – Bash

File extension – .sh

Disclaimer:

The sample script provided below is adapted from a third-party open-source site.

Create a policy banner

The following bash script can set an interactive policy banner at the login screen showing the information you provide in place of ‘Type your instructions here.’

The above script uses the tee command to create a file containing the information to be shown. The file is saved in the ‘/Library/Security/’ folder with the name “PolicyBanner.txt”. The contents of “PolicyBanner.txt” are displayed as an interactive message at the login window whenever a user tries to log in to the device. All users on the device are shown a policy banner with the information provided, which they must acknowledge by clicking the Accept button before proceeding.

Notes:


For macOS devices under FileVault full disk encryption, the policy banner appears after the first user logs in to the device, before the desktop appears.

Remove a policy banner

To remove the policy banner from the device, execute the following command:

The above command uses the “rm” command with the “-f” option to remove the “PolicyBanner.txt” file from the system.

Troubleshoot issues with policy banner

If you do not find the policy banner on the login screen after deploying the script, there could be an issue with the permissions on the policy banner file. To resolve this, you can deploy the following script to the devices.

The above script modifies the read permission on the policy banner file for all users on the designated macOS device, so that every user on the device can access the content of the file.
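The creation, permission and removal steps described above, combined into one script with a verification step. This is an added example, not the script from the original page: `BANNER_DIR` and the function names are assumptions, and the check that the file is not writable by group or others goes beyond what the page describes.

```shell
#!/bin/bash
# Added example, not the page's script. BANNER_DIR is an assumed override for
# dry runs; unset, it targets /Library/Security (requires root on a Mac).
banner_path() {
    printf '%s\n' "${BANNER_DIR:-/Library/Security}/PolicyBanner.txt"
}

# Write the banner text with tee, then make the file readable by all users.
install_banner() {
    text="$1"
    file=$(banner_path)
    if [ -z "$text" ]; then
        echo "refusing to install an empty banner" >&2
        return 1
    fi
    mkdir -p "$(dirname "$file")" || return 1
    printf '%s\n' "$text" | tee "$file" >/dev/null || return 1
    chmod 644 "$file"   # owner rw, group and others read-only
}

# Succeed only if the banner is non-empty, readable by others, and not
# writable by group or others (the write check goes beyond the page).
verify_banner() {
    file=$(banner_path)
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    mode=$(ls -ld "$file" | cut -c1-10)   # e.g. -rw-r--r--
    case "$mode" in
        ???????r??) ;;
        *) echo "not readable by all users: $mode" >&2; return 1 ;;
    esac
    case "$mode" in
        ?????w????|????????w?)
            echo "writable by non-owner: $mode" >&2; return 1 ;;
    esac
    return 0
}

# Remove the banner, as the page's rm -f step does.
remove_banner() {
    rm -f "$(banner_path)"
}

# Deploy only when explicitly asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    install_banner "${2:-Type your instructions here.}" && verify_banner
fi
```

Run with `--apply "banner text"` as root to deploy to the default path; a non-zero exit from `verify_banner` points at the permission problem described in this section.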

If the problem persists, try deploying the following script to update the Preboot volume of the device.

Notes:

  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system caused by the behavior of the script.
