When you activate ‘Find my Mac’ a dialog pops up and tells you that anyone logging into the Guest account will now only be able to start Safari. With ‘Find my Mac’ disabled the guest account works like it always has. I think Apple’s intent is pretty obvious ;-)
I also can’t really see the appeal of this as a feature. Logging into a normal guest account doesn’t require you to reboot into the recovery partition, for one, and a normal guest account also allows you to use all the apps installed on the Mac additionally to Safari which works just fine. There might be one or two attractive use cases beyond goading thieves into going online but those are to my mind very much edge cases.
Please correct me if I'm wrong (I don't actually know how the 'Find my Mac' feature works, so I'm guessing), but when the computer is first booted by a thief, it won't be online, which means that it won't be aware that it needs to disable access to all accounts except to the neutered guest account right?
In fact, the only way that the computer will be made aware that the mac has been stolen is if the thief connects to the internet (Apple has done nothing so far to enhance the likelihood of the user connecting to the internet).
Once the Mac is connected and is aware that it is stolen it's behaviour will change to block all access to user accounts. If anything, this change in behaviour might alert a thief that something is up (I'm giving a lot of credit to theives here) and that he should rid himself of the Mac.
Access to user accounts is not disabled. If the thief has the password he will still be able to log in and if the Mac is set up to automatically log in the thief will be able to access user accounts even without a password. (It is however, possible to remotely lock the Mac even if it is set up to log in automatically. You can also send messages to the Mac, wipe it or locate it.)
If the thief doesn’t know the password the only thing he can do (short of, say, replacing the HDD) is log into the guest account, i.e. restart to Safari on the recovery partition.
I am by no means an expert on this but maybe this is somehow related to the new full disk encryption? Does it make sense to not allow thieves to boot from the encrypted partition?
Like always with computers this is not watertight – at least as far as getting your Mac back is concerned. (Full disk encryption – which is optional – probably protects your data reasonably well.) There are ways to circumvent “Find my Mac”. The good thing is that thieves are usually not very bright.
If you have a password on your user accounts, the thief will only be able to access this browser-only guest account. The other accounts are already locked.
If you haven't put passwords on your user accounts, you're out of luck.
I also can’t really see the appeal of this as a feature. Logging into a normal guest account doesn’t require you to reboot into the recovery partition, for one, and a normal guest account also allows you to use all the apps installed on the Mac additionally to Safari which works just fine. There might be one or two attractive use cases beyond goading thieves into going online but those are to my mind very much edge cases.