ok so I have very little knowledge about Jamf Pro. I am more of a Windows engineer. However we have to support Mac users at work..even though I don't have any access to JAMF PRo.
The scenario is that the user is insisting that they didn't change there password but can't logon.
They are at home my understanding is that he 100% is tying his password wrong.
He thinks the system has somehow changed his password.
Is this impossible?
It's not possible for Jamf to rotate a secure token holders' password, most every user should have a secure token.
Troubleshooting macOS Password (keychain) issues can vary greatly from one place to another. I am going to assume the user is trying to get through FileVault (think BitLocker), and the FileVault password has desynced. Most likely cause of this is domain binding, and a password reset on the AD side, but it can be caused other ways.
I would start by giving the user their devices FileVault recovery key and resetting their password when prompted by this process. If the device is domain bound this will permanently desync their account which would need a profile rebuild to fix, but macs should not be domain bound anyway. Your goal is to get them into macOS, the domain joining status is someone else's problem lol.
It's not possible for Jamf to rotate a secure token holders' password, most every user should have a secure token.
Troubleshooting macOS Password (keychain) issues can vary greatly from one place to another. I am going to assume the user is trying to get through FileVault (think BitLocker), and the FileVault password has desynced. Most likely cause of this is domain binding, and a password reset on the AD side, but it can be caused other ways.
I would start by giving the user their devices FileVault recovery key and resetting their password when prompted by this process. If the device is domain bound this will permanently desync their account which would need a profile rebuild to fix, but macs should not be domain bound anyway. Your goal is to get them into macOS, the domain joining status is someone else's problem lol.
^ This. Also, what auth mechanism is being used? Is it local accounts, domain (network) accounts, Jamf Connect, Jumpcloud, etc. etc.?
check username is correct
^ This. Also, what auth mechanism is being used? Is it local accounts, domain (network) accounts, Jamf Connect, Jumpcloud, etc. etc.?
Exactly. There are way too many possible variables at play here. You would need to have a reasonable understanding of their environment and how accounts/devices are configured to troubleshoot this. FileVault is just the low hanging fruit.
OP seems ill equipped for this situation without assistance from a more experienced person within their organization.
- Rebellions are built on hope.
check username is correct
confirmed anyway he is coming into office now
Exactly. There are way too many possible variables at play here. You would need to have a reasonable understanding of their environment and how accounts/devices are configured to troubleshoot this. FileVault is just the low hanging fruit.
OP seems ill equipped for this situation without assistance from a more experienced person within their organization.
- Rebellions are built on hope.
I totally agree I work with guy's who don't document anything and are often too busy to explain anything but apart from that I do know the following. They are using Jamf Connect I have not tried the File Vault fix but yes I have tried that in other companies (but this company they don't document anything so it's very unlikely they will have the file vault recovery key ).
I work for a US company and we all know US companies give out IT access as about as easily you can get blood out of a stone.
Don't rule out a hardware issue with the keyboard. See if they can spray it with a can of compressed air or connect a USB keyboard (will need a USB-C to USB-A dongle probably). If they're at home like you say, who knows what crumbs or pet hair or crud could've gotten in there. Intel Macs with the "butterfly" keyboard were notorious for keys sticking or having other problems.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.