About policy banners in OS X

Learn more about creating policy banners and fixing issues with display and position.

A policy banner is a banner that you can display at the login window that requires a user to acknowledge it before proceeding.

Create a banner

You can set a login message that appears at the login screen of your Mac. You can also set a "policy" banner to display a longer message that you must accept before you can log in. This can be useful in situations where you need users to agree to or acknowledge terms or conditions before using the computer, such as an Acceptable Use Policy.

Use these steps to create a policy banner:

  1. Create a plain text (.txt) or rich text (.rtf) document named PolicyBanner that contains your banner.
  2. Copy the PolicyBanner file to the /Library/Security/ folder. 

The next time you restart the computer, the banner you created appears when you would normally see the login screen. 

If you don't see your banner

If you don't see your banner appear, check the following.

Check FileVault

If you have FileVault full disk encryption enabled on your computer, the policy banner appears after the first user logs in, before the desktop appears. The first login is performed to unlock the startup disk. 

Check permissions

In some instances, you might need to adjust the permissions on the PolicyBanner file.

For .txt or .rtf files set the permissions on the Policy Banner file so that Everyone (Other) has read privileges:

sudo chmod o+r /Library/Security/PolicyBanner.txt
sudo chmod o+r /Library/Security/PolicyBanner.rtf 

For .rtf files, adjust the permissions so Everyone (Other) has both read and execute privileges:

sudo chmod -R o+rx /Library/Security/PolicyBanner.rtf

Check authorization

If you're using OS X v10.8.3 through v10.8.5 and the Policy Banner window doesn't appear, check the /etc/authorization file for the two lines in bold below:

<string>loginwindow:login</string>

<string>builtin:login-begin</string>

<string>builtin:reset-password,privileged</string>
 

<string>PKINITMechanism:auth,privileged</string>

<string>builtin:login-success</string>

<string>loginwindow:success</string>
 

If these two lines aren't present, add them to the /etc/authorization file in the locations they appear above. The /etc/authorization file is no longer used in OS X v10.9 and later, so these changes don't need to be made in versions of OS X other than v10.8.3 through v10.8.5.

If your policy banner window displays incorrectly after updating to OS X El Capitan 10.11.4

After updating to OS X El Capitan 10.11.4, your policy banner might not display correctly. This happens if the document view size isn't set properly in your PolicyBanner.rtf file. To address this issue, do the following:

  1. Open the document in TextEdit.
  2. Resize the window to the desired size. For example, adjust to the size of an embedded image.
  3. Save the document (File > Save).
  4. Close the window.

Closing the window without manually saving the file will not update the view width and height changes.

Copy the updated PolicyBanner file to the /Library/Security/ folder.

Learn More

If you want to use the same policy banner across multiple computers, you can use  Apple Remote Desktop admin or other management software to distribute the file you created to all of your Macs.

Published Date: