Generating SecureToken for systems that don't have one

New Contributor

Some Macs in our environment are somehow in a state where no regular user account possesses a SecureToken. As such, there is no way to enable FileVault for any user, etc. etc.

Has anyone found a way to generate a new SecureToken for a system without having to erase and redeploy macOS?



Valued Contributor II

i've had mixed results with this: in terminal run

sudo rm /var/db/.AppleSetupDone

Then reboot. This will take you through the regular setup screens as if its a new machine. The account created should have a secure token. You can then enable secureToken's for other users and then delete the temp account you just made.