Posted on 07-21-2021 08:56 PM
I am having issues when I activate FileVault as the default - it picks my first hidden administrator account as the first user. My users are unable to activate FileVault, as the hidden admin has not sent the key back to Jamf.
Do you guys face the same as well? What are the workarounds you have been using?
TIA! 🙂
Posted on 07-22-2021 07:43 AM
A few questions that would help give more accurate information:
1) How are you enrolling your computers? (ADE or User Initiated)
2) How are you creating your "hidden" admin and the local user?
3) Is your admin user logging in before the local user?
4) What version of macOS are you running?
It sounds like your hidden admin is getting a Secure Token first instead of your local user. Typically the first user to log in to the computer, which is usually the user created during setup, is granted a SecureToken, but that is not always the case. However, a SecureToken user can grant another user a SecureToken as well.
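Added example, not part of the original post or of Jamf's own tooling: a script that checks which local accounts hold a Secure Token and what FileVault currently reports, and that grants a token to the end user from the token-holding admin account, which is the workaround described above. The account names `hiddenadmin` and `jdoe` and the password handling are assumptions; the `sysadminctl` and `fdesetup` calls are the standard macOS commands.

```shell
#!/bin/bash
# Inspect Secure Token / FileVault state for the two accounts in the thread
# (a hidden admin created at enrollment and the end user) and, if needed,
# hand the end user a token from the admin that already holds one.
# "hiddenadmin" and "jdoe" are assumed names, not from the original post.

# sysadminctl -secureTokenStatus writes one line to stderr, e.g.
#   sysadminctl[1234:5678] Secure token is ENABLED for user jdoe
# Reduce that line to ENABLED / DISABLED / UNKNOWN so it can drive logic.
secure_token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo ENABLED ;;
    *"Secure token is DISABLED"*) echo DISABLED ;;
    *)                            echo UNKNOWN ;;
  esac
}

# Query one user's token status on the Mac itself (note the 2>&1: the
# status line goes to stderr, so plain stdout capture would be empty).
check_user() {
  local out
  out="$(sysadminctl -secureTokenStatus "$1" 2>&1)"
  secure_token_state "$out"
}

# Grant a Secure Token to a user using the credentials of an account that
# already has one. This only issues the token; enabling FileVault and
# escrowing the key to Jamf is a separate step (fdesetup / the MDM profile).
grant_token() {
  local admin="$1" admin_pw="$2" user="$3" user_pw="$4"
  sysadminctl -adminUser "$admin" -adminPassword "$admin_pw" \
              -secureTokenOn "$user" -password "$user_pw"
}

if [ "$(uname)" = "Darwin" ]; then
  for u in hiddenadmin jdoe; do
    printf '%s: %s\n' "$u" "$(check_user "$u")"
  done
  fdesetup status            # "FileVault is On/Off."
  fdesetup list              # accounts able to unlock FileVault (empty while Off)

  # Typical repair for the thread's situation: the hidden admin got the token
  # at enrollment, the end user did not. Passwords are read interactively here
  # rather than hard-coded; a Jamf policy would supply them differently.
  if [ "$(check_user jdoe)" = DISABLED ] && [ "$(check_user hiddenadmin)" = ENABLED ]; then
    read -rs -p "hiddenadmin password: " ADMIN_PW; echo
    read -rs -p "jdoe password: " USER_PW; echo
    grant_token hiddenadmin "$ADMIN_PW" jdoe "$USER_PW"
    printf 'jdoe after grant: %s\n' "$(check_user jdoe)"
  fi
fi
```

Once `jdoe` shows `ENABLED`, the user can be enabled for FileVault (the admin account can stay hidden and unused), and the escrow profile will capture the recovery key at that point rather than on the hidden admin's login.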
Posted on 07-22-2021 08:46 AM
One other consideration is whether you are creating first users at admin or standard level. If you're using ADE to build/enroll your Macs, a secure token would be given to an Admin-level account, but not a standard-level one. In the past, we've done it both ways (our users were generally standard) -
OR flip it
The choice to leave them as standard was made in the event a user accidentally wiped/re-provisioned themselves. Apple still doesn't have a great way to do this through ADE. Give them feedback.
Posted on 07-22-2021 08:47 AM
And I just realized - it's been quite a while since I looked at this. The standard user may still get the token, but can't enable FV. That could have been our issue.
Posted on 07-22-2021 05:38 PM
Hi everyone, thanks for the input. I realize I have not given enough context.
So here it is.
1) New DEP Setup on macOS Big Sur
(This only happens on new machines; the older machines that were upgraded from Catalina do not have this issue, as Jamf already has a copy of FV2.)
2) Enroll via DEP -> Jamf
3) Administrative accounts are created via Profiles, and this happens during the enrollment page where users create their account. In this sense, my administrative account is the first account created, then the user account.
@Tribruin You are right, my administrative account is issued a secure token, and we do not log in to that account unless needed. However, with Big Sur, when the first account's token is not missing, I am unable to process FV2 on the user's account.