Question

SecureToken admin - user who is no longer here

  • March 18, 2019
  • 2 replies
  • 10 views


We have a device which has FileVault enabled and the SecureToken admin is an AD user who is no longer employed. Is there a way to change the SecureToken admin to our standard "admin" account that we have set up on all of our devices?

I can log in as admin, and admin is a FileVault enabled user, however the old employee's manager would like to be added as a user on this device, without wiping it. I have added him as a user, but I cannot enable his user account in FileVault without the SecureToken admin password.

2 replies

  • Contributor
  • March 18, 2019

If your admin is a FileVault enabled user, it should have a token. When you are trying to add his user account in FileVault, are you unlocking the pref pane with the admin account? You need to unlock with an admin user with securetoken, but should be able to add.


  • Valued Contributor
  • March 18, 2019

To determine if a user has secureToken, run sysadminctl -secureTokenStatus $userNameHere

To grant secureToken (the admin granting secureToken must already have it), run sysadminctl interactive -secureTokenOn $userToEnable
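
The check-then-grant sequence from the replies above, as an added shell example that is not part of any poster's message: it confirms the granting admin holds a token and the target lacks one before printing the grant command. Assumptions: the "Secure token is ENABLED/DISABLED" wording of the status output, the hypothetical account name `manager`, and the constructed sample lines used when `sysadminctl` is not installed.

```shell
#!/bin/sh
# Added example (not from the thread): check SecureToken state before granting.

# Constructed sample output, used only where sysadminctl is absent (non-macOS).
# "admin" is the account named in the thread; "manager" is a hypothetical name.
sample_status() {
    case "$1" in
        admin)   echo "2019-03-18 10:02:11.104 sysadminctl[812:9144] Secure token is ENABLED for user admin" ;;
        manager) echo "2019-03-18 10:02:11.412 sysadminctl[815:9160] Secure token is DISABLED for user manager" ;;
    esac
}

# Print ENABLED, DISABLED or UNKNOWN for one account.
# sysadminctl reports on stderr, hence 2>&1. The matched wording is an assumption.
token_state() {
    if command -v sysadminctl >/dev/null 2>&1; then
        out=$(sysadminctl -secureTokenStatus "$1" 2>&1) || true
    else
        out=$(sample_status "$1")
    fi
    case "$out" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Succeed only if $1 holds a token and $2 lacks one, i.e. the grant makes sense.
# Prints the command from the reply above, or the reason it would not work.
grant_plan() {
    granter_state=$(token_state "$1")
    target_state=$(token_state "$2")
    if [ "$granter_state" != ENABLED ]; then
        echo "$1 is $granter_state: it cannot grant a token"; return 1
    fi
    if [ "$target_state" != DISABLED ]; then
        echo "$2 is $target_state: not a candidate for a grant"; return 2
    fi
    echo "unlock as $1, then run: sysadminctl interactive -secureTokenOn $2"
}

# Run as: sh token_check.sh admin manager
if [ "$#" -eq 2 ]; then grant_plan "$1" "$2"; fi
```

An `UNKNOWN` result for the granting account means the status could not be read, so the grant should not be attempted until it is resolved.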