Skip to main content

Hey there! Probing this community to see if anyone else experienced this issue and how it was solved.



We've got a few computers, that for an unknown reason, appear to have their Touch ID undoing itself from allowing computer unlock. The Configuration Profile is currently set to allow Touch ID unlock. This is intermittent across our organization, with a large portion of people who are unaffected.



But those that are affected, the only step I've seen help is rebuilding the entire OS. Apple was unable to provide details on where this plist regarding TouchID is located, and I suspect an interference with SIP is why it's unable to reauthorize the new settings.



I've blasted away /Library/Managed Preferences/, and I would like to know a solution other than reinstalling the OS, if anyone here was able to solve it in a cleaner manner!

@rohan.aghi , If I understand correctly, what you are seeing is the following: User enrolls finger printer, enables unlock Mac. You close out of the System Prefs window, and open back up unlock Mac is now disabled?

@rohan.aghi I am also experiencing this issue. Touch ID has worked in the past but stopped. In "System Preference" -> "Touch ID", the option for "Unlocking your Mac" is greyed out. The configuration profile is set to allow Touch ID to unlock.



Did you find a resolution?

Also experiencing this issue with a majority of our Touch Bar machines. We started experiencing symptoms after recovering from an unrelated issue when making a minor change to a configuration profile which inadvertently locked down most functions, including the ability to unlock using Touch ID. Our current configuration profile confirms that Touch ID unlock is allowed.



Short list of attempted resolutions:
- SMC reset
- PRAM reset
- Remove /Library/Managed Preferences/
- Remove Profiles
- Remove JAMF
- In-place upgrade (re-install macOS over existing install using USB)



@ddcdennisb, correct. It will allow the option to select it, and then undo when the screen for Touch ID is left.



@kiwillia, Currently, I have not. The case I had with JAMF Support suggested updating to 10.3.1 and attempt again. I suspect the error will not be resolved from updating the JSS. I will be reopening a new case for assistance to determine a resolution other than re-imaging.



@rplendup, I too have tried all these steps as well, to no avail.

@rohan.aghi Try running bioutil -w -s -u 1 in terminal or via jamf.



It will clear out any enrolled fingers, but then will allow you to reenroll and unlock will stay active.



Had the same issue.

@ddcdennisb, I will try this on a computer shortly and let you know the results.

Result!



Uninstallation of the MDM profile needs to be done first, then running bioutil -w -s -u 1, and then reinstallation of MDM. It will work like a charm. Thank you so much @ddcdennisb and everyone who assisted!

Confirmed working fix! Thanks @ddcdennisb!

Thanks for this. Does anyone know if this is a Jamf issue or an Apple / OS issue?

@ooshnoo, What I believe it is is a permissions issue with SIP and JAMF's binary. It basically allows it to change it's status to not allowing Touch ID and then it no longer has the permissions to adjust it back.

never mind

JAMF PI-005832 for anyone following along. Doesn't sound like they're actively working on it, so if you're bothered by issue, might want to report it to add impact.

Reply


Terms & ConditionsCookie settings