I've performed a number of zero-touch distributions for a hardware refresh I've been working on with my colleague. Randomly we have users that are getting locked out of their machines and that number continues to grow by the day. At first, we believed it to be a Local User Admin script I was running that would create a user admin for troubleshooting things locally, but there have been some machines that are getting locked out and haven't run the script.
In some cases, a resetPassword in recovery mode reset fixes it (2 cases). In the cases that it doesn't, we'll be able to get through an initial login window only to follow up with the same user behind it and the password we just set, won't work. In this case, we are having to wipe the drive and install a fresh copy of Mac OS.
Have any of you encountered this before? Is it something to do with Keychain? Any suggestions on how to troubleshoot this?
I believe the issue may be related to, or correlative to this issue -- seems to exhibit some of the same behaviors.
We saw a lot of this when we started installing the latest supplemental OS update from Apple. Might be worth checking to see if they installed the update after device setup (which is probable, since the device was likely in the distribution chain at the time) but before the lockout.