I am just trying to set the login window to "name and password text fields" using a Config Profile, Login Window payload. We don't want to have a list of accounts in the login window but prefer the user to enter their user ID and PW. It seems to work sporadically. It would seem when the mac reboots, I only get the one standard user listed (see pic)?
. When I log in with that account, then log off, the login window appears how the config profile is set "name and password text fields" Not sure why it's going back and forth. We had originally had the default config profileset to "List" but have since switched to the "Name and Password Text Fields. tested on 3 macs.
1 sierra mac is going back and forth. 2 mohave macs, one working correctly, the other going back and forth too. Thanks
OK now I am starting to wrap my head around this. We are enabling FV with "login" for the payload so when the main standard user of the Mac logs in, they will enable FV and have the ability to login and unlock the disk. However many times these macs become shared and accounts are added to the Macs. So I am really kind of stuck with Macs that are shared? I would have to manually enable each user in System Prefs > Security and have them enter their password? I do see some scripting options here too, but you still need to know the new users password. Any commuinication at all of users passwords is strictly not allowed by our security department. What about the Jamf management account that is created and hidden on all our Macs? Thanks
@tavaresj This is standard macOS behavior if disk encryption is enabled. If your goal is to have a shared/lab machine, then you need to disable FileVault so that the first thing a user sees after turning on the Mac is your preferred username/password fields.
Enabling an EFI firmware password would prevent users from accessing the Recovery partition or making changes to the system config, and is another method of restricting some levels of system access if FileVault isn't enabled.
The jamf management account doesn't get a SecureToken generated automatically. I believe this has something to do with the account being created through a script/terminal. Apple is really big about USER CLICKS for some reason.
Check out this post on Rich Trouton's blog, maybe it can help you out here.