Hello All!

We are running a policy that resets the password on a particular account every month.  Its works on some machines but doesnt work on others. The policy returns the logs and lists this error on the machines it DOESNT work on:

Script result: Setting username for API update
Setting password for API update 2024-04-02 09:13:09.326 sysadminctl[24327:1393264] ### Error:-14167 File:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/Admin_sysadminctl/addremoveuser/main.m Line:377 2024-04-02 09:13:09.327 sysadminctl[24327:1393264] Operation is not permitted without secure token unlock.

Im trying to get an idea of how many machines this error is happening on. I thought that this error would be documented in the jamf log in /private/var/jamf so I figured I would make an EA that searches that log for the error, but I came to find find out that the error is NOT documented in that log or any log on the Mac (as far as I can see).  I I think its only documented in our JAMF server.  Can anyone think of anyway was can either search the logs in our policy logs in our JAMF server for this particular error (Error:-14167) or find some other way to use smart groups to find out what Macs this error is happening on?