Posted on 09-23-2024 02:28 AM
Hi everyone.
We are starting prestaged enrollment process for our employees enabling the locked recovery mode.
I noticed that if the user gets the password wrong 3 times (filevault login), the Mac offers to restart in recovery mode to reset it. If the user accepts, he will remain stuck in recovery even after restarting, therefore he will be forced to contact us to carry out the reset procedure or get the lock key and then reboot in FV login. I would like to reduce the risk of this happening, what do you suggest I do? Is there a possibility to increase attempts or disable this prompted suggestion by MacOS?
On the first 10 enrollments, we already got 2 cases. Maybe we're just unlucky :)
Thanks.
Posted on 09-23-2024 05:07 AM
I don't think this behavior can be changed. 3 attempts should be plenty for your average "fat fingerer", you must have some over achievers.
Are these just random people forgetting their password 20% of the time? Or is this during device configuration and you guys have a screwy process like enabling FV before deployment with a temporary account?
Posted on 09-23-2024 08:17 AM
ahah no, only people who don't read and therefore don't realize that from now on, they just have to use the same password as our idp. Maybe will be isolated to this initial phase. We're thinking to turn OFF lock recovery and at the end of deploying turn this useful feature on again by Jamf API.
Posted on 09-23-2024 06:06 AM
This in Passcode?
Posted on 09-23-2024 08:25 AM
it seems that only avoid the computer lock, but the macos suggestion to reboot in recovery still appears :(