Skip to main content

Hello All

We are runnning into an issue with laptops trying to update OS and being met with an error that states "you need to be an owner to install". Some machines the workaround of "sudo softwareupdate -i -a -R", will install the update but this isnt ideal. All machines are M1 machines, DEP enrolled and going through the same prestage. It seems like its related to SecureToken missing (which might also be causing some FV2 issues) for the user, at least thats what my google fu leads me to. 

 

I kind of remember there being a script out there that could be used to assign a securetoken, we used it at my last place but I cant seem to find it. Any help is appreciated!!!!

Can you confirm the error text you quoted?  Might is read "volume owner" rather than just "owner?"  If so, you are likely running into a secure token or bootstrap token issue.

 

https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/web

 

Did you by any chance deploy these devices with recovery lock enabled?

Can you confirm the error text you quoted?  Might is read "volume owner" rather than just "owner?"  If so, you are likely running into a secure token or bootstrap token issue.

 

https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/web

 

Did you by any chance deploy these devices with recovery lock enabled?


So it’s related to not that you said. I checked our system logs and a bunch of missing bootstrap tokens. I have a script that assigns secure token, once I did that the user could update no issue. Checking with Jamf why this is happening to 10% of our machines

So it’s related to not that you said. I checked our system logs and a bunch of missing bootstrap tokens. I have a script that assigns secure token, once I did that the user could update no issue. Checking with Jamf why this is happening to 10% of our machines


Did you find anything from Jamf?

So it’s related to not that you said. I checked our system logs and a bunch of missing bootstrap tokens. I have a script that assigns secure token, once I did that the user could update no issue. Checking with Jamf why this is happening to 10% of our machines


Can you specify what script you are using to resolve this?

Yes, can you please share your script? I have a bunch of M1/M2 that are showing this message. 

Yes, can you please share your script? I have a bunch of M1/M2 that are showing this message. 


I haven't had a lot of practice on this issue but I ran into it today and tried:

sysadminctl interactive -secureTokenOn receivingUsername -password 'receivinguserpassword' and in my single case, it seemed to solve it.  I'd be curious if that helps anyone else.

Reply


Terms & ConditionsCookie settings