Jamf Nation Community

MrP · ‎10-03-2018

Since upgrading when I click the lock to unlock it, it immediately locks again in less than a second. Authentication succeeds. There is a password on my admin account. I have tried using both a local admin and a domain admin(which has local admin rights) on two different macs both upgraded from 10.13.6 to 10.14.0 with the same results on each. On one I have removed all MDM profiles, all config files under /Library/Preferences, and all config files under /Library/Managed Preferences, and rebooted, unloaded all plists under /Library/Launch/, and still had the same result. Other systems preferences areas will unlock without issue.

Has anyone else seen this? The only instances I can find of this on the internet are of people who don't have an admin password set.

mike_jankulak · ‎11-28-2018

I thought I'd post a reply here since this is the only mention I could find of this specific issue, and I had this same issue on two computers. Authentication succeeds, icon briefly appears to unlock but immediately re-locks, only happens with the "Security & Privacy" preferences, and started happening this week after upgrading from 10.13.x to 10.14.1.

In my case I managed to work around the problem by realizing that one common factor between the two systems was that they both used Centrify to join our organization's AD domain, and they both inherited some settings that way (login banner, showing username field instead of lists of users, etc.). So I tried dropping one system from the domain and rebooting. That fixed it, I was able to unlock the "Security & Privacy" preferences. Then when I rejoined the AD domain the problem came back.

I realize it's kind of a long shot that others with this problem might be joining their Macs to an AD domain but I thought I'd describe my experiences here just in case. I did get as far as working with Apple Tech Support and it sounded like they were going to recommend reinstalling the OS, until I stumbled across this workaround while on hold.

MrP · ‎11-29-2018

@mike.jankulak , thanks for the response. I found the same. I should have replied:). This is a known issue with Centrify and 10.14 when any GP setting under "Security & Privacy" is applied. I reported to Centrify support and after reproducing on their end, they advised that it is an apple bug and they are keeping my case open to let me know when it is resolved. I'll post back here when/if I hear something.

rcoggins · ‎12-10-2018

Have you heard anything back from Centrify on this issue? I need filevault and smartcard both working and can't see a way around this issue.

MrP · ‎12-11-2018

@rcoggins I have requested an update to their last statement of "no current eta of resolution, waiting on apple" on Oct 11, and will let you know what they say. I believe they are waiting for apple to fix it, so it 10.14.2 doesn't resolve the issue, we'll just have to keep waiting.

If you are looking to add users to filevault, then I guess your only option at this time is to remove the system from the OU with the smartcard policy, run adgpupdate, make the change, move it back to the OU, then run adgpupdate again. If you are looking to enable filevault I assume you know the JSS can handle that programmatically.

rcoggins · ‎12-14-2018

@MrP Thanks for the update! That is the work-around I have been doing in the mean time. Maybe Centrify and Apple will get it worked out...before the next version release?

MrP · ‎12-14-2018

Here is the response from Centrify:

-----Original Message----- From: Centrify Support support@centrify.com Sent: Thursday, December 13, 2018 6:20 PM To: Subject: RE: : Help request. [ ref: ] Hello Paul As far as I know, there is no update from Apple on this bug, I have requested an update but at this time nothing has been provided.

Jamf Nation Community

Cannot unlock Security & Privacy on Mojave