I had some questions about the JC login page. It seems inconsistent in when it is shown. This is causing some issues when we are doing onboarding as some people see the JC login screen and some people see the local login page. I see it consistently immediately after logging out, but if i logout then shutdown and go to login again I am only presented with the local login screen
Solved
Jamf Connect Login question
+8Best answer by ajamfadmin1810
I added a config file that shows the JC login screen after the FV login screen after reboot or shutdown. Its consistent now and it was a JC configuration we had set to only show JC after logout and not at reboot or shutdown
When you shutdown and restart, you are likely seeing the FileVault screen, not the OS login screen. Depending on your JCL preferences, you may see the Jamf Connect Login screen after authenticating at the FileVault screen.
+8@ajamfadmin1810 are you taking about at enrollement, or after its enrolled? if its at enrollement you can repackage it again with this: https://github.com/sean-rabbitt/JamfConnectMetaPackageSample
sign the package and deploy it, it will make it appear more frequently.
If your talking after enrolement then it would depend on the config profile your using, you can set it bypas the JC screen if authenticating with filevault, have it always require authentication and passthrough. what settings have you appled on your jamf login config?
+8I added a config file that shows the JC login screen after the FV login screen after reboot or shutdown. Its consistent now and it was a JC configuration we had set to only show JC after logout and not at reboot or shutdown
+5I added a config file that shows the JC login screen after the FV login screen after reboot or shutdown. Its consistent now and it was a JC configuration we had set to only show JC after logout and not at reboot or shutdown
What's the config file you added? I have the same issue. Thanks
+8What's the config file you added? I have the same issue. Thanks
I added the config profile below and scoped it to any machines that are apart of our new prestage
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>DisableFDEAutoLogin</key> <true/> </dict> </plist>
I also have an EA that checks what the login method is and then I have this scoped to any macs in a group where the login method is OS login.
#!/bin/sh
loginwindow_check=$(security authorizationdb read system.login.console | grep 'loginwindow:login' 2>&1 > /dev/null; echo $?)
if [ $loginwindow_check == 0 ]; then
echo "<result>OS LoginWindow</result>"
else
echo "<result>JC LoginWindow</result>"
fi
I added the config profile below and scoped it to any machines that are apart of our new prestage
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>DisableFDEAutoLogin</key> <true/> </dict> </plist>
I also have an EA that checks what the login method is and then I have this scoped to any macs in a group where the login method is OS login.
#!/bin/sh
loginwindow_check=$(security authorizationdb read system.login.console | grep 'loginwindow:login' 2>&1 > /dev/null; echo $?)
if [ $loginwindow_check == 0 ]; then
echo "<result>OS LoginWindow</result>"
else
echo "<result>JC LoginWindow</result>"
fi
Hi, the config profile above, what preference domain are you setting?
+7Hi, the config profile above, what preference domain are you setting?
com.apple.loginwindow
<key>DisableFDEAutoLogin</key>
<true/> Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.