Skip to main content
Question

Enable secure token for local admin

  • April 24, 2023
  • 1 reply
  • 0 views
E
Forum|alt.badge.img+6
Hello everyone,

I have noticed that out macs local admin account has secure token disabled. Standard accounts are not admin and have secure token enabled.

I wonder I can push a script on logged in accounts to enable secure token for local accounts.

I ran below command locally:
sudo sysadminctl -secureTokenOn "username" -password "password" -adminUser "username" -adminPassword "password"

Got error:
2023-04-24 11:37:52.233 sysadminctl[2349:18595] ### Error:-14090 File:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/Admin_sysadminctl/addremoveuser/main.m Line:377
2023-04-24 11:37:52.234 sysadminctl[2349:18595] Operation is not permitted without secure token unlock.

Grat stand account admin rights: same,

Any idea?

    1 reply

    R
    Forum|alt.badge.img+7
    • rhoward
    • Contributor
    • 69 replies
    • April 24, 2023

    In order to give your users secure token rights it will either require user interaction or for you to know their passwords. We use something like this with user interaction:

     

     

    #!/bin/bash ############################################################################################################### ## This Script will enable the secure Token on LDAP Accounts on Macs with an account that has a secure token ## ## This will only work if the LDAP User is logged in, and requires user interaction to enter their password ## ############################################################################################################### loggedInUser=$(stat -f %Su /dev/console) UserPWD="$(osascript -e 'Tell application "System Events" to display dialog "Please Enter your Password:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)" sysadminctl -adminUser YOURADMINUSER -adminPassword YOURADMINSUSERPASSWORD -secureTokenOn $loggedInUser -password $UserPWD

     

     

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings