Skip to main content
Question

Login Window: Name and Password Text Fields odd behavior:


Forum|alt.badge.img+5
  • Contributor
  • 26 replies

I am just trying to set the login window to "name and password text fields" using a Config Profile, Login Window payload. We don't want to have a list of accounts in the login window but prefer the user to enter their user ID and PW. It seems to work sporadically. It would seem when the mac reboots, I only get the one standard user listed (see pic)?
. When I log in with that account, then log off, the login window appears how the config profile is set "name and password text fields" Not sure why it's going back and forth. We had originally had the default config profileset to "List" but have since switched to the "Name and Password Text Fields. tested on 3 macs.
1 sierra mac is going back and forth. 2 mohave macs, one working correctly, the other going back and forth too. Thanks

7 replies

tdclark
Forum|alt.badge.img+19
  • Contributor
  • 51 replies
  • July 22, 2019

Are you using FileVault? This looks like a FV login window, which is what it is supposed to look like!


Forum|alt.badge.img+5
  • Author
  • Contributor
  • 26 replies
  • July 22, 2019

We sure are using FV. So if I have FV enabled and switch to the "Name and Password Text Fields", it will only show FV enabled users? I assume that's what's occurring here? Still pretty new to Jamf, so learning as we go. Thanks for the reply.


Forum|alt.badge.img+8
  • Valued Contributor
  • 97 replies
  • July 22, 2019

Yes, this list will only show users that are able to decrypt the drive. You will need to generate a SecureToken for each additional user you want to be able to decrypt at startup, but you need to know their password.


Forum|alt.badge.img+16
  • Honored Contributor
  • 1054 replies
  • July 22, 2019

And, Apple has been asked to change this since FV was released. So that kinda implies that they aren't going to change it...

: )

C


Forum|alt.badge.img+5
  • Author
  • Contributor
  • 26 replies
  • July 22, 2019

OK now I am starting to wrap my head around this. We are enabling FV with "login" for the payload so when the main standard user of the Mac logs in, they will enable FV and have the ability to login and unlock the disk. However many times these macs become shared and accounts are added to the Macs. So I am really kind of stuck with Macs that are shared? I would have to manually enable each user in System Prefs > Security and have them enter their password? I do see some scripting options here too, but you still need to know the new users password. Any commuinication at all of users passwords is strictly not allowed by our security department. What about the Jamf management account that is created and hidden on all our Macs? Thanks


Forum|alt.badge.img+15
  • Valued Contributor
  • 301 replies
  • July 22, 2019

@tavaresj This is standard macOS behavior if disk encryption is enabled. If your goal is to have a shared/lab machine, then you need to disable FileVault so that the first thing a user sees after turning on the Mac is your preferred username/password fields.

Enabling an EFI firmware password would prevent users from accessing the Recovery partition or making changes to the system config, and is another method of restricting some levels of system access if FileVault isn't enabled.


Forum|alt.badge.img+8
  • Valued Contributor
  • 97 replies
  • July 22, 2019

@tavaresj

The jamf management account doesn't get a SecureToken generated automatically. I believe this has something to do with the account being created through a script/terminal. Apple is really big about USER CLICKS for some reason.

Check out this post on Rich Trouton's blog, maybe it can help you out here.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings