Remove Guest Home Folder

What the Guest home folder removal does

This Automox Worklet™ removes the Guest account home folder from macOS endpoints. The Guest folder is typically located at /Users/Guest and contains user data, preferences, and cached files associated with guest accounts that are no longer needed.

The Worklet first evaluates whether a Guest home folder exists on the endpoint. If found, it removes the entire directory structure and all associated data using the rm -rf command.

Why remove the Guest account home folder

Many organizations disable guest accounts as a security measure to prevent unauthorized access and reduce attack surface. But disabling the account does not automatically remove the associated home folder, leaving orphaned files and directories on the endpoint.

Removing the Guest home folder serves multiple purposes: it frees up disk storage space that is no longer needed, eliminates potential security risks from cached data or user files that may contain sensitive information, and maintains a cleaner system state where disabled accounts have no trace on the endpoint.

How Guest account removal works

1. Evaluation phase: The Worklet checks for the presence of the /Users/Guest directory on the endpoint. If the directory exists, the evaluation returns an exit code of 1, indicating that remediation is needed. If the directory does not exist, the evaluation returns exit code 0 and no further action is required.

2. Remediation phase: When remediation is triggered, the Worklet executes the rm -rf /Users/Guest command to recursively remove the Guest home folder and all its contents, including subdirectories and files.

Guest account removal requirements

• macOS 10.x or later (all modern macOS versions supported)

• Local administrative access or root-equivalent permissions on the endpoint

• Guest account must already be disabled or no longer in use

• No active user sessions using the Guest account during Worklet execution

Expected state after Guest account removal

After successful remediation, the /Users/Guest directory and all its contents are completely removed from the endpoint. You can verify successful removal by confirming the Guest directory no longer exists at /Users/Guest. The system no longer contains any home directory for the Guest account, and no user data associated with guest sessions remains on the endpoint.

You can verify successful execution by checking that the /Users/Guest directory no longer exists using file system utilities. On subsequent Worklet runs, the evaluation will confirm that remediation is not needed, and the Worklet will return an exit code of 0.

How to validate remove guest home folder changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for remove guest home folder.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit, else.

4. Validate remediation effects from script operations such as rm, else, exit, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for remove guest home folder. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit, else and remediation operations such as rm, else, exit. Use these indicators to verify that endpoint changes match intended policy outcomes.