Login Window configuration profile not working

AndrewWilliamso
New Contributor II

Hey folks,

I've got some weird behaviour impacting random users enrolled in our Jamf MDM.

I have a configuration profile enforcing some Login Window settings, namely "Login prompt: List of users" (as opposed to "name and password text fields". This configuration profile is scoped to all of our enrolled devices.
loginconfigprofile.png

However, some users are always prompted to login with username and password, rather than selecting a user from a list. My device is one of these, 75% of the time I am prompted for username and password, occassionally it works as expected and provides me a list to select from. 

 

Even weirder checking system Preferences > User and Groups > Login Options > unlock settings, the "Display login window as:" radial options are greyed-out and unchangeable, and defaulted to "Name and password", contrary to the configuration profile. 

Loginoptions.png
If I add my device to the exclusion list of the configuration profile, these options are then available for me to manually select again. Scope my device back into the config profile, and they're again locked to the wrong configuration.

 

Anyone experienced similar, or have any guidance? 

Andrew

8 REPLIES 8

Hugonaut
Valued Contributor II

@AndrewWilliamso  In the Login Window Payload, Under Access tab, replicate my settings in the attached screenshots. I believe you are missing the "Local-Only users may log in" checkbox.

 

ss2.png

ss1.png

  

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

AndrewWilliamso
New Contributor II

Hey @Hugonaut - The "Access" settings were already configured as in your screenshot unfortunately. I have recreated the Config Profile from scratch, and supposedly it's behaving itself better on one of the other problem-devices. Have yet to test on mine, but my system preferences is still defaulting to "name and password" field. Will monitor over the next couple days whether it starts to behave more consistently going forwards

SGill
Contributor III

I have one lab where we have that option (List of Users) activated by profile, and it's working in Monterey fine - in case you are still having trouble with it.  I have found that it can take one or multiple restarts to kick in the settings.

 

ListofUsers-Profile.jpg

We've had this profile in place for a long while now, it's only just recently started to act weird. Seems to be behaving itself now after recreating the config profile.

 

Curious to know - Under your System Preferences > Users and Groups > Login Options, is it accurately reflecting your configuration (List of Users rather than Name and Password)? My Login Options is still showing as "Name and password" even though i'm being presented with the list of users again now

SGill
Contributor III

Yes, same here.  Since the profile is "Computer Level" the settings supersede any local ones, but you're right the macOS GUI should reflect the active setting like it does for many of the others.

bdeg
New Contributor

Intermittently starting to see the same thing here this morning. Login window profile that has been in place for a while is now sometimes showing name and password instead of list of users. Machine I am currently seeing the issue on is a M1 with 12.2.1. Happens at both the FileVault unlock screen and login window. 

A couple of my impacted devices were M1 Air's - mine is 12.0.1, one other is 12.2.1.
Also hit a couple of Intel devices as well though...

 

Either way, recreating the profile worked for me, so hopefully fixes your case as well!

Thanks! Did you try removing devices from the profile scope and adding them back? Or, did you duplicate or create a new profile?