Posted on 02-05-2020 11:43 PM
We are in the process of enabling disk encryption. We have now rolled out a disk encryption Configuration Profile for users on High Sierra and Mojave, but accounts with a disabled security token are unable to process the disk encryption.
We have a local account on all the Macs which has a secure token, and it is a common account for all Macs. I am looking for a script to enable the security token for an AD user account using the local admin user.
Posted on 02-06-2020 02:14 AM
Hey Prashant, refer to the FileVault section of this blog: https://travellingtechguy.eu/
Posted on 02-06-2020 02:33 AM
Better one... tweak it accordingly:
sysadminctl -secureTokenOn "${username}" -password "${password}" -adminUser "${username}" -adminPassword "${password}"
Posted on 02-06-2020 11:57 AM
We were in the same boat here when it came to enabling FileVault. Before we did this we wanted to make sure all the domain users had secure tokens. We started with a SmartGroup to identify those users. Then we used the script found here: https://github.com/TravellingTechGuy/manageSecureTokens
Keep in mind, when you create the policy to run this script you have to call out the variables. You'll likely want to change variables 4 and 5 to be something like AdminUser and AdminPassword and then pass those variables with the policy. Of course, this would only work if you had the same local admin account using the same admin password on each system.
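A policy script along the lines discussed in this thread, as an added example that is not from any poster or from the manageSecureTokens repository: it checks both accounts with `sysadminctl -secureTokenStatus` before calling `-secureTokenOn`, then verifies the result. The parameter layout (admin user and password in 4 and 5, target user and password in 6 and 7), the function names and the sample status line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed parameter layout:
#   $4 admin user  $5 admin password  $6 target user  $7 target password
# How the target user's password is collected is outside this sketch.

# Constructed sample of a status line, used only to document the format parsed below.
SAMPLE='2020-02-06 11:57:00.123 sysadminctl[512:4101] Secure token is ENABLED for user localadmin'

# Map the text printed by `sysadminctl -secureTokenStatus` to a single word.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Decide the action. $1 = admin account state, $2 = target user state.
plan() {
    if [ "$2" = ENABLED ]; then echo skip      # nothing to do
    elif [ "$1" != ENABLED ]; then echo abort  # admin cannot grant a token it lacks
    elif [ "$2" = DISABLED ]; then echo grant
    else echo abort                            # user state unreadable: do not guess
    fi
}

# $1 admin user, $2 admin password, $3 target user, $4 target password
grant_token() {
    admin_out=$(sysadminctl -secureTokenStatus "$1" 2>&1)
    user_out=$(sysadminctl -secureTokenStatus "$3" 2>&1)
    case "$(plan "$(token_state "$admin_out")" "$(token_state "$user_out")")" in
        skip)  echo "$3 already has a secure token"; return 0 ;;
        abort) echo "not granting: check token status of $1 and $3" >&2; return 1 ;;
    esac
    # Passwords are never echoed; only account names reach the policy log.
    sysadminctl -secureTokenOn "$3" -password "$4" \
        -adminUser "$1" -adminPassword "$2" >/dev/null 2>&1
    # Trust the follow-up status check, not the exit code of the grant call.
    [ "$(token_state "$(sysadminctl -secureTokenStatus "$3" 2>&1)")" = ENABLED ]
}

# Run only on a Mac and only when all four values were passed by the policy.
if command -v sysadminctl >/dev/null 2>&1 &&
   [ -n "$4" ] && [ -n "$5" ] && [ -n "$6" ] && [ -n "$7" ]; then
    grant_token "$4" "$5" "$6" "$7"
fi
```

Values passed this way are briefly visible in the process list on the Mac, so a shared admin password used like this should be rotated after the rollout.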