Skip to main content

what are you guys/gals doing with the 'secure token' popup ?



I don't have FV2 enabled and AD users are getting the popup, so we have them select 'bypass'.



i created a configuration profile, using the custom settings payload i added this .plist file (com.apple.MCX as preference domain
)



<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>cachedaccounts.askForSecureTokenAuthBypass</key>
<true/>
</dict>
</plist>

Looks like you have the same thing as what is on my JSS. Do you have it set to Computer Level to apply the profile?


@john-hsu yes i have it set at computer level. the computer is not filevaulted



from my understanding this secure token is not based on whether FV2 is enabled or not, it pops up either way.



is that all you have in that config profile is that single .plist?
is it working?
are all AD users who login for the first time not seeing the securetoken popup?


@tcandela Yes, this is all I have. We use this config profile for our Mac labs so that users logging in do not receive the SecureToken Prompt. It is working with the current build of macOS Mojave 10.14.6.





@john-hsu i applied it to a mac mini that is AD joined, waiting for a new user to login.



I logged in to the mac mini before applying the config profile (chose bypass), so i assume if i log back in I will not get the actual settings that the config profile sets.


it works


@tcandela Yes, this is all I have. We use this config profile for our Mac labs so that users logging in do not receive the SecureToken Prompt. It is working with the current build of macOS Mojave 10.14.6.






If this config is removed from a machine with an AD account does the user get prompted? We still have a handful of users with this and are migrating to cloud and are gushy to remove it in case it causes a prompt. 


Reply