Question

Deleting User Accounts (T2 Devices)

  • February 27, 2019
  • 4 replies
  • 20 views


Bit of an F.Y.I...

I have DEP prestage enabled devices.

An Active Directory Mobile Account user is granted a secure token and FileVault is enabled at login.

When I log in as admin and try to delete the user account, a box appears asking me to enter the user's password to delete the account.
When I do this, it errors.

The workaround is to tick the "enable this user to administer this computer" checkbox, reboot the device, then delete them.

Has anyone else seen this??

4 replies

DBrowning
  • Esteemed Contributor
  • February 27, 2019

Is admin a FV user?

In 10.13.x and 10.14.x you can't delete the last admin account or the only account that is FV enabled.


  • Author
  • Valued Contributor
  • February 28, 2019

You can if you do the above.


  • Valued Contributor
  • February 28, 2019

I've seen that too.
What I think is happening is that the OS tries to automatically issue a secureToken to the current GUI user (your admin), so you don't end up with an encrypted machine, but no user to unlock it.
To do that, it needs the authorisation of the AD mobile account (which is currently holding the only secureToken on the system),
and that user also needs to be an admin to be able to grant an ST to another user.


  • Author
  • Valued Contributor
  • February 28, 2019

I create the admin account via a prestage enrollment.

That user has a secure token granted, but bypasses encryption.

The subsequent Mobile users will log in and need to encrypt.

This is when you see this occurring.
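
A pre-deletion check for the situation discussed in this thread, as an added example that is not from any of the posters: it parses `sysadminctl -secureTokenStatus` output and reports whether removing an account would leave no admin holding a secureToken. The user names `admin` and `jdoe`, the sample output lines and the admin list are constructed; admin rights granted through directory groups are assumed not to apply.

```shell
#!/bin/sh
# Added example: decide whether deleting a user would leave the Mac without
# an admin who holds a secureToken. Inputs are plain text so it runs anywhere.
# On a Mac, gather them with:
#   sysadminctl -secureTokenStatus <user> 2>&1     (once per local user)
#   dscl . -read /Groups/admin GroupMembership

# Constructed sample: the AD mobile account (jdoe) holds the only token.
SAMPLE_STATUS='sysadminctl[611:7001] Secure token is DISABLED for user admin
sysadminctl[612:7002] Secure token is ENABLED for user jdoe'
SAMPLE_ADMINS='root admin'   # constructed admin group membership

# Print the users whose status line reports ENABLED, one per line.
token_holders() {
  printf '%s\n' "$1" |
    sed -n 's/.*Secure token is ENABLED for user \([^ ]*\).*/\1/p'
}

# Succeed if user $1 appears in the space-separated admin list $2.
is_admin() {
  for a in $2; do
    if [ "$a" = "$1" ]; then return 0; fi
  done
  return 1
}

# check_delete TARGET STATUS_TEXT ADMIN_LIST
# Prints one of: not-holder | ok | last-token-holder
check_delete() {
  target=$1
  holders=$(token_holders "$2")
  target_holds=no
  remaining=0
  for u in $holders; do
    if [ "$u" = "$target" ]; then
      target_holds=yes
    elif is_admin "$u" "$3"; then
      remaining=$((remaining + 1))   # another admin still holds a token
    fi
  done
  if [ "$target_holds" = no ]; then echo not-holder
  elif [ "$remaining" -gt 0 ]; then echo ok
  else echo last-token-holder
  fi
}

check_delete jdoe "$SAMPLE_STATUS" "$SAMPLE_ADMINS"
```

A `last-token-holder` result means another admin should be granted a secureToken before the account is removed.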