Posted on 04-05-2016 02:51 PM
I have a policy that converts OD accounts to local user accounts (standard accounts). The policy works for the most part. It emails me a temp password for the user and I provide them with it. I then have a policy that prompts them to change their password at login (this is iffy about working and a whole different issue). If the user changes their password, then reboots the machine and tries to log in again the next day or at any time during the day, it does not allow them to and they have to use the temporary password. I searched around the forums here for an answer but I did not see anything too definitive. It appears that FV2 is not obtaining the new password. I can log in at the FV2 screen and then it comes to a screen where it asks me to manually type in a username and password, and at this screen I can get in with the new credentials. If I manually go in and remove the user and add the user back to FV2 in Terminal, everything works fine. Is there a policy to cause the passwords to sync, or is this manual manipulation the only way to get it done?
Posted on 04-06-2016 12:23 AM
I'm seeing the same issue in our environment, only with 10.11 Macs it seems.
I haven't had the chance to see if it's a particular version of El Cap that causes it but it seems to be affecting a lot of our users.
We've also resorted to:
#!/bin/sh
# Remove the user from FileVault 2, then re-add them (user.name is a placeholder)
sudo fdesetup remove -user user.name
sudo fdesetup add -usertoadd user.name
Posted on 04-06-2016 08:14 AM
My environment ranges from 10.11.1 to 10.11.4. It appears to be affected on all versions. I'd love for a script that would fix it automatically, but during the add process you have to authenticate to FV and have the user enter their password, so I am unsure of a way to automate it. Also, unsure as to why the passwords don't sync.
Posted on 04-06-2016 08:52 AM
@mchristiansen Do you have this turned on in your Security & Privacy config profile:
I read a little while ago that this may be causing problems so I've turned it off. I'm testing now but likely won't see true results for a few weeks.
Posted on 04-06-2016 08:54 AM
It's off for me.