Posted on 08-24-2022 08:29 AM
Mac-Mini 2018 -- Monterey -- with Jamf Connect creating local accounts -- not bound to AD
The only user that gets a login keychain is the local admin. Any new users who sign in and create a local account DO NOT get the login keychain. We noticed keychain errors go away if the device is not enrolled in Jamf. As soon as you enroll, keychain errors happen.
We started adding config profiles one by one until the keychain error popped up. This is what's causing it:
Unchecking this box allows new users to create a local keychain.
Why would this cause keychain issues? Is there additional configuration needed to avoid keychain errors?
Posted on 09-07-2022 09:11 AM
Thanks for posting this! I've been dealing with this issue for over a year now.
Have you noticed any side effects from this? I'm just hesitant to remove this as it seems essential for Jamf's management of the device.
Posted on 09-08-2022 02:28 PM
I have not noticed any issues when unchecking the box. I can still deploy remote commands, install packages, deploy policies and config profiles.
I was told not binding to the network, upgrading to Monterey, and implementing Jamf Connect would resolve issues, but even after doing all that the Keychain issue remained. Unchecking the box was the only solution for our environment.
Just keep in mind, if you do uncheck this box, you must rebuild the Keychain folder for the user. If you don't delete the Keychain folder and restart, the user will continue to experience Keychain error messages.
You can always turn it back on if you see any issues. I think if it was a major issue, Jamf wouldn't give you the option to disable it.
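
The keychain-folder rebuild mentioned in the reply above, as an added example that is not part of the original thread or any Jamf tooling: it moves a user's `Library/Keychains` folder to a timestamped backup instead of deleting it, so the old keychain can be restored. The function name, backup naming and the `/Users/exampleuser` path are assumptions.

```shell
#!/bin/bash
# Added example (not Jamf tooling): archive one user's Keychains folder
# instead of deleting it, so the old login keychain stays recoverable.

# archive_user_keychains HOME_DIR
# Prints the backup path on success.
# Returns 0 if archived, 1 on error, 2 if there was nothing to archive.
archive_user_keychains() {
    home_dir=$1
    if [ -z "$home_dir" ] || [ ! -d "$home_dir" ]; then
        echo "error: home directory not found: $home_dir" >&2
        return 1
    fi
    kc_dir="$home_dir/Library/Keychains"
    # Refuse a symlink so the move cannot be redirected outside the home folder.
    if [ -L "$kc_dir" ]; then
        echo "error: $kc_dir is a symlink, refusing" >&2
        return 1
    fi
    if [ ! -d "$kc_dir" ]; then
        echo "nothing to do: $kc_dir does not exist" >&2
        return 2
    fi
    # Hypothetical naming scheme: Keychains.bak.<timestamp> next to the original.
    backup="$home_dir/Library/Keychains.bak.$(date +%Y%m%d%H%M%S)"
    if [ -e "$backup" ]; then
        echo "error: backup path already exists: $backup" >&2
        return 1
    fi
    # A rename on the same volume keeps ownership and permissions intact.
    mv "$kc_dir" "$backup" || return 1
    echo "$backup"
}

# Usage (run with admin rights, then restart the Mac as the post describes):
#   archive_user_keychains /Users/exampleuser
```
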