Macbook disables local user account

Melmoes
New Contributor II
New Contributor II

Hi all,

Ever since we enrolled the macbooks in our company we've had the problem that the local user account gets disabled. The only possible solution is resetting the password via the terminal in recovery mode. Filevault is enabled so we have to unlock the disk. Entering the password in disk utility to unlock the disk works fine but it doesn't work through the login.

There we're some speculations about it being because the system is entering a faulty password and it getting disabled after 10 tries, we made it so it can try it unlimited amount of times but that only helped for about 2 days.

There is only one moment when it gets a connection with our AD, that's when the user start the macbook for the first time. After that the user is created locally.

Has anyone ever dealt with this problem before or is there anyone who has an idea where the problems comes from?

Here is a photo of the error, it's in dutch.

cc0cb3a4b9274a6194de119f9e961933

7 REPLIES 7

dwillis
New Contributor II

I ran into this problem when enrolling new machines. There was a policy to set the password using a random 128 character password. I disabled it as it wasn't necessary in our environment. Hopefully this will help you in some way.

dwillis
New Contributor II
 

Melmoes
New Contributor II
New Contributor II

.

Melmoes
New Contributor II
New Contributor II

Thank you for your response.

Are you talking about the first login?
Our problem appears on random moments, for instance someone has been working for the last couple of hours and goes away to lunch. When the user returns and tries to enter the password it loads but while loading it redirects in to a sort of like filevault login, when you try to login it gives the message that i posted above.

It happens at random moments, so i don't think it has anything to do with the thing that you stated.

dwillis
New Contributor II

Yes ours was the initial login. The only other thing I can think of is to check under the Admin account on the machine and see if the user is enrolled to be able to unlock with FileVault. Setting up machines in the past I had to add each user within the FileVault settings on the admin side.

donmontalvo
Esteemed Contributor II

Are these Touch ID laptops?

--
https://donmontalvo.com

Melmoes
New Contributor II
New Contributor II
Are these Touch ID laptops?

They're not, we have the "MacBook (begin 2015)"

Yes ours was the initial login. The only other thing I can think of is to check under the Admin account on the machine and see if the user is enrolled to be able to unlock with FileVault. Setting up machines in the past I had to add each user within the FileVault settings on the admin side.

They are their own admin, there isn't an extra account that serves as an admin account.
They should be able to, some users haven't experienced this problem and some got the problem after a few months.