Jamf Connect Login question

ajamfadmin1810
Contributor

I had some questions about the JC login page. It seems inconsistent in when it is shown. This is causing some issues when we are doing onboarding as some people see the JC login screen and some people see the local login page. I see it consistently immediately after logging out, but if i logout then shutdown and go to login again I am only presented with the local login screen

1 ACCEPTED SOLUTION

ajamfadmin1810
Contributor

I added a config file that shows the JC login screen after the FV login screen after reboot or shutdown. Its consistent now and it was a JC configuration we had set to only show JC after logout and not at reboot or shutdown

View solution in original post

7 REPLIES 7

Tribruin
Valued Contributor II

When you shutdown and restart, you are likely seeing the FileVault screen, not the OS login screen. Depending on your JCL preferences, you may see the Jamf Connect Login screen after authenticating at the FileVault screen.

SCCM
Contributor III

@ajamfadmin1810 are you taking about at enrollement, or after its enrolled? if its at enrollement you can repackage it again with this: https://github.com/sean-rabbitt/JamfConnectMetaPackageSample

sign the package and deploy it, it will make it appear more frequently. 
If your talking after enrolement then it would depend on the config profile your using, you can set it bypas the JC screen if authenticating with filevault, have it always require authentication and passthrough. what settings have you appled on your jamf login config?

ajamfadmin1810
Contributor

I added a config file that shows the JC login screen after the FV login screen after reboot or shutdown. Its consistent now and it was a JC configuration we had set to only show JC after logout and not at reboot or shutdown

What's the config file you added? I have the same issue. Thanks

I added the config profile below and scoped it to any machines that are apart of our new prestage

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>DisableFDEAutoLogin</key> <true/> </dict> </plist>

 

I also have an EA that checks what the login method is and then I have this scoped to any macs in a group where the login method is OS login. 

#!/bin/sh

loginwindow_check=$(security authorizationdb read system.login.console | grep 'loginwindow:login' 2>&1 > /dev/null; echo $?)

if [ $loginwindow_check == 0 ]; then
echo "<result>OS LoginWindow</result>"
else
echo "<result>JC LoginWindow</result>"
fi

Hi, the config profile above, what preference domain are you setting? 

 

com.apple.loginwindow

<key>DisableFDEAutoLogin</key>  
<true/>