Mojave : Login Window bug ?

glpi-ios
Contributor II

Hi,

I have a problem with MacOS Mojave when I have 'Login Window' payload with "
Show computer's administrators" unchecked.

Computers with only administrator accounts can't log in because no login/password fields appears.

Have you ever had this bug?

MacOS 10.14.2
Jamf Pro 10.7.1 (the same with 10.8 in Dev environment)

Thanks

7031c9f64162453c9db5398ede7d505c

1 ACCEPTED SOLUTION

jkaigler
Contributor II

You can Option +Enter to get in. Unhiding the admin accounts did not help us. It seems to break when I enable Fast User Switching, for us at least

View solution in original post

25 REPLIES 25

Merkley
New Contributor III

I've ran into this issue. I'm on Jamf Pro 10.7.1 as well. I found it was because our Administrators accounts were hidden and no other account was on the computer. Once I unhid one of the accounts or created a temp account, it would show the login boxes. I was going to setup a policy and smart group to look for a temp account but because our Macs are bound to AD, I just use a command to set the login window to always ask for a username and password. Our Macs are bound with a prestage enrollment. So far it's been working in my dev environment. Haven't pushed it out to prod yet.

glpi-ios
Contributor II

Thanks for your answer.

"I just use a command to set the login window to always ask for a username and password."

Which command do you refer to ?

Thanks

jkaigler
Contributor II

You can Option +Enter to get in. Unhiding the admin accounts did not help us. It seems to break when I enable Fast User Switching, for us at least

View solution in original post

Merkley
New Contributor III

Sorry, I forgot to include that. I have it run on enrollmentComplete.

#!/bin/sh

defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true

@jkaigler I didn't think to try that before. Just tried it and it worked.

glpi-ios
Contributor II

@jkaigler Perfect. It works very well.
@Merkley Sorry, It doesn't work for me 😞

Thank you to all of you

Dylan_YYC
Contributor III

Ive had this same issue, i find when i reboot the login bars come up for a short while. Thanks to @jkaigler for the Option + Enter tip!

jkaigler
Contributor II

Amazingly, our Art Department is not happy with students having to learn Option+Enter and want me to make it like it was in previous OS versions. My first, second and third response is "tough luck". We have 10,000 pc's on Campus and 1200 macs. When a student goes to login to a pc, they have to use ctrl-alt-delete, what's the big deal?

RickDalton
New Contributor III

Do you guys think this is an Apple DEP issue or a Jamf issue? Just started noticing it in my environment last Friday without making any changes, was working normally prior to that day.

jkaigler
Contributor II

JAMF? Most of my machines are not DEP. And If I exclude my test machine from the config profile that controls logins, the problem goes away.

taugust04
Valued Contributor

Perhaps I'm missing something here, but wouldn't this setting in the Login Window payload resolve this?8b1441c7877a47eb8a5093025893a8b2

Personally I've never deployed OS X/macOS systems with the list of users option enabled for the login window - it's always set to the username/password option.

thomast
New Contributor III

@taugust04 I've tried doing that as well. It does not resolve the issue, unfortunately. I have a bug report with JAMF PI-006696. It sounded like my JAMF representative would be reaching out to Apple, and it may be an OS issue rather than JAMF.

dletkeman
New Contributor III

I had the same issue but after fiddling with it I think it was just working as logically intended. I'm not sure about your setup but for me I was configuring some servers that just use one local admin account for everything. By leaving "Show computer administrators" unchecked it was doing exactly as intended. Since there were no users to show I got a screen the same as you have in the first post. It drove me crazy until I checked the "Show computer administrators" box and everything was fine after that.

At first I thought it was a bug but after thinking about it a bit I came to the conclusion that this was logically correct.

Your experience may vary.

My settings here:
4357f4a331c440119731a6adab7e6562

thomast
New Contributor III

@Merkley I tested the script with Name and Password text fields as a configuration profile, and that did not work either. It already has SHOWFULLNAME = 1 when I read it. Are people not using a login window configuration profile at all here? If not, then maybe we need to unmark this as "resolved".

Here's what I'm using now, which was close to the original login window settings that worked perfectly fine on High Sierra and below. It also has SHOWFULLNAME = 1 on it as well.
d238eb36d8024fe996d5cb9f274876a7

Merkley
New Contributor III

@thomast I have both configured, using the script and the configuration profile. I'm getting mixed results in my environment. Sometimes the computer just won't show the username and password fields. It's really odd behavior, but for the most part, we don't rely on that since we have FileVault enabled. It's only during the initial setup of the machine that the techs see that and couldn't get around it. I told them about @jkaigler's suggestion of using the option + enter to show the fields again, and they seem fine with that.

jartron3030
New Contributor II

Is there anything new on this issue? We have a lab with about 30 iMacs all running 10.14.3, all domain-bound. We have always used the config profile to show the username and password fields rather than list of users because in addition to the fact that our users log in with their AD credentials, we would prefer that our local admin not be visible. Recently we've noticed that after the lab computers do their daily reboot, random computers will revert back to showing list of users, which only shows our local admin and then the "other.." option. This is not ideal as we can't expect our users, who are of the general school public, to know that they need to click the "other..." to login using their AD account, and again we would prefer that our local admin is not visible. If we choose to hide admin accounts, then we get the issue described in the OP.

I am also running the

defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true

command once per computer, but does not seem to have resolved the issue either.

Any help would be much appreciated. Thank you!

larry_barrett
Valued Contributor

This is definitely a Mojave update bug and has nothing to do with anything you're "doing wrong". In my experience this happens to every High Sierra MacBook Air I upgrade to Mojave. The login boxes will be there for 3 seconds. Start typing or you'll get the bug shown by OP. I would just reboot when I was ready to login.

Since we're doing fun keystrokes, Option +5 is infinity ∞

jkaigler
Contributor II

I switched my Login Window to "Name and Password text fields"

0304fa7b86794accaae6d611ff7695ff

tnielsen
Valued Contributor

I can confirm I have seen this, hitting back and forth seems to resolve it.

CorpIT_eB
Contributor II

I hate to bring back an old thread but has anyone figured out a way of turning OFF the Fast User Switching icon on the Menu Bar?

After selecting the option to turn on FUS it puts an Unnecessary login option on the Menu Bar is there a way to switch this off via script or preferably the same MDM profile?

tomhastings
Contributor II

This should take care of the Fast User Switching:

defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool 'NO'

CorpIT_eB
Contributor II

@tomhastings forgive my ignorance man, I am very new to JAMF and would need to figure out a way to I guess script this? Can it be added as a variable in on the payload its-self?

tomhastings
Contributor II

Since it is just a simple Terminal command, do this:
Create a new policy and set the trigger and frequency to what is appropriate.
In the Files and Processes payload, add

defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool 'NO'

to the last field, Execute Command. Set your scope and that's it.

CorpIT_eB
Contributor II

@tomhastings This will still keep FUS on but remove the Icon from the menu bar correct? Testing this seems to turn OFF FUS.

tomhastings
Contributor II

CorpIT_eB, I didn't see the icon in the menu bar but I didn't look for the menu icon. I just kicked off another test Mojave erase/install that has this policy scoped to the machine. I'll let you know how it goes. It does completely disable FUS and removes the icon in High Sierra.
Update: Works in Mojave as well.

stuartjim
New Contributor

Just so everyone knows I resolved this problem by double checking system-setting/profiles and seeing if I had any overlapping policies. It turned out that Jamf's database was corrupt and even though the web said one thing it was generating a bad policy and once we got rid of it, it went away.