Skip to main content
Question

How to enable a created standard user to FileVault2

F
Forum|alt.badge.img+5

Hi,

I want to use some laptops as Multi-User machines so that new users can login without anyone's help.

I'd like to create a dummy standard account that anyone will be able to login with to enable FV2 login screen and then enter their Okta credentials from JAMF Connect so that they can login into the machine with their new user account created.

I can create the user in JAMF Pro but, problem is, I cannot make it FileVault2 Enable, is there a script that can do that? From the GUI in JAMF Pro the checkbox is limited to MacOS 10.13 and below.

    bwoods
    Forum|alt.badge.img+14
    • bwoods
    • Honored Contributor
    • May 17, 2022

    This isn't possible unless the secure token is passed to each account. To pass the secure token you must know the passwords of both accounts.

    abyrd
    1 person likes this
    • abyrd
      abyrd
    F
    Forum|alt.badge.img+5
    bwoods wrote:

    This isn't possible unless the secure token is passed to each account. To pass the secure token you must know the passwords of both accounts.


    OK, I know the password of the admin account created by the enrollment and the standard one I'll be creating. I just want the standard account with token enabled to show on the FV screen when I restart the computer so that the new user can unlock FV and then login on to JAMF Connect. I want to use less interaction from the user, is there a script that can be done, so I can push it through JAMF?

    Thanks

    bwoods
    Forum|alt.badge.img+14
    • bwoods
    • Honored Contributor
    • May 17, 2022
    sudo -u $(ls -l /dev/console | awk '{print $3}') sysadminctl interactive -secureTokenOn "useraccounthere" -password 'userpasswordhere'

    You can use sysadminctl from the account with the secure token, but you need to know the user's password.

    F
    Forum|alt.badge.img+5
    bwoods wrote:
    sudo -u $(ls -l /dev/console | awk '{print $3}') sysadminctl interactive -secureTokenOn "useraccounthere" -password 'userpasswordhere'

    You can use sysadminctl from the account with the secure token, but you need to know the user's password.


    2022-05-17 14:03:20.161 sysadminctl[1286:11187] sysadminctl should be run as root, or in interactive mode! (Error Domain=NSOSStatusErrorDomain Code=-60007 "errAuthorizationInteractionNotAllowed: The authorization was denied since no user interaction was possible. ")

     

    I get this message

    F
    Forum|alt.badge.img+5
    Frank_Sonder wrote:

    2022-05-17 14:03:20.161 sysadminctl[1286:11187] sysadminctl should be run as root, or in interactive mode! (Error Domain=NSOSStatusErrorDomain Code=-60007 "errAuthorizationInteractionNotAllowed: The authorization was denied since no user interaction was possible. ")

     

    I get this message


    I executed the script in files and processes execute command

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings