Have you checked if the user missing from the FV window has a secure token? Users without secure token won't show up there
how do I check that? It was the original account I created on the MacBook Pro so shouldn't it have a secure token?
in JAMF it's listed as one of the 2 enabled users
how do I check that? It was the original account I created on the MacBook Pro so shouldn't it have a secure token?
in JAMF it's listed as one of the 2 enabled users
Yes, the initial account should have a securetoken. There was a bug with macOS 12.0 in certain instances would not grant any users secure token. If this isn't a new 14" or 16" computer, then yes the initial user should have gotten a securetoken
You can check with the following command though:
sysadminctl -secureTokenStatus $username
I ran the following command and it said that the secure token for the specified user IS ENABLED
sysadminctl interactive -secureTokenStatus USER_NAME
@ljcacioppo would this command be the issue? it's not an issue with Big Sur and the other macOS's
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add joey
@ljcacioppo would this command be the issue? it's not an issue with Big Sur and the other macOS's
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add joey
I am not certain. I haven't used the hidden users list array at all. I know that hides from the login window thouhg
I know Monterey on m1 I have just a username and password field now, so I wonder if that's a new change for Monterey in general, allowing hidden users there
This article may be beneficial: https://derflounder.wordpress.com/2018/01/20/secure-token-and-filevault-on-apple-file-system/
Accounts created with CLI utilities aren't granted a SecureToken and can't decrypt a FV2 volume, though I am not sure if this is a Monterey bug since you said the account does have a SecureToken.
@seraphina the 'joey' account was not created via CLI It was created as the first account when setting up the first user and is an administrator account and has a secure token. Afterwards i ran that script to hide the account from showing up in the login window. Now it also doesn't even show up in the FV2 login window.
I wiped the computer and set it back up again and this time did not run that hide 'joey' account from login window and the account now does show up in the FV2 login window when the computer starts up.
Prior to Monterey that script was fine when run on the other macOS's. Is there something in that one line that is not compatible with Monterey
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add joey
@seraphina the 'joey' account was not created via CLI It was created as the first account when setting up the first user and is an administrator account and has a secure token. Afterwards i ran that script to hide the account from showing up in the login window. Now it also doesn't even show up in the FV2 login window.
I wiped the computer and set it back up again and this time did not run that hide 'joey' account from login window and the account now does show up in the FV2 login window when the computer starts up.
Prior to Monterey that script was fine when run on the other macOS's. Is there something in that one line that is not compatible with Monterey
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add joey
@tcandelaI think I found your solution
I created my account with command line as a proof of concept but you can modify this as you see fit
Create the account with the necessary attributes and hide it
Verify the account can decrypt the volume (the final entry is the UUID of my test account per Directory Utility)
Finish this off by running the following commands
% defaults write /Library/Preferences/com.apple.loginwindow.plist HiddenUsersList -array-add username
% sudo diskutil apfs updatePreboot /
Reboot and you should see your hidden account in the FV2 decrypt list without it being present on the login window.
