Need to Enable Security Token for AD user account using Local admin user

Prasanth_e
New Contributor

We are in the process of enabling disk encryption. We have now rolled out a disk encryption configuration profile for users on High Sierra and Mojave, but where the secure token is disabled it is unable to process the disk encryption.

We have a local account on all the Macs which has a secure token and is a common account for all Macs. I am looking for a script to enable the secure token for AD user accounts using the local admin user.

3 REPLIES

Santosh_BR
New Contributor III

Hey Prashant, refer to the FileVault section of this blog: https://travellingtechguy.eu/

Santosh_BR
New Contributor III

Better one, tweak it accordingly: sysadminctl -secureTokenOn "${username}" -password "${password}" -adminUser "${username}" -adminPassword "${password}"

Stephen_marquar
New Contributor II

We were in the same boat here when it came to enabling FileVault. Before we did this we wanted to make sure all the domain users had secure tokens. We started with a SmartGroup to identify those users. Then we used the script found here: https://github.com/TravellingTechGuy/manageSecureTokens
Keep in mind, when you create the policy to run this script you have to call out the variables. You'll likely want to change variables 4 and 5 to be something like AdminUser and AdminPassword and then pass those variables with the policy. Of course, this would only work if you had the same local admin account using the same admin password on each system.
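A script built around the sysadminctl command Santosh_BR posted and the $4/$5 policy parameters Stephen_marquar describes, added here as an example and not taken from the thread or the manageSecureTokens project. It assumes it runs as root from a Jamf policy, that AdminUser and AdminPassword arrive as script parameters 4 and 5, and that the target user's own password (which -secureTokenOn requires) is collected with an osascript dialog; the function names are my own.

```shell
#!/bin/bash
# Added example, not from the thread or the linked project. Grants a secure
# token to the console user from a Jamf policy, using the shared local admin
# passed as policy script parameters $4 (AdminUser) and $5 (AdminPassword).
# Assumed: the policy runs as root, and the target user's own password is
# collected with an osascript dialog, since sysadminctl -secureTokenOn needs it.

# Map the one-line output of `sysadminctl -secureTokenStatus <user>` to a word.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# sysadminctl reports on stderr, so merge the streams before parsing.
secure_token_status() {
    token_state "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
}

# Ask the logged-in user for their password with a hidden-input dialog.
prompt_password() {
    osascript -e "display dialog \"Enter the password for $1 to enable FileVault\" default answer \"\" with hidden answer" \
              -e 'text returned of result'
}

main() {
    local admin_user="$1" admin_pass="$2" target user_pass
    target=$(stat -f %Su /dev/console)

    # The granting account must itself hold a token, or sysadminctl refuses.
    if [ "$(secure_token_status "$admin_user")" != ENABLED ]; then
        echo "Admin $admin_user has no secure token; cannot grant one" >&2; return 1
    fi
    if [ "$(secure_token_status "$target")" = ENABLED ]; then
        echo "$target already has a secure token"; return 0
    fi

    user_pass=$(prompt_password "$target") || return 1
    sysadminctl -secureTokenOn "$target" -password "$user_pass" \
                -adminUser "$admin_user" -adminPassword "$admin_pass" 2>&1

    # Re-check the status rather than trusting the exit code alone.
    [ "$(secure_token_status "$target")" = ENABLED ]
}

# Jamf passes parameters $4 and $5; without them there is nothing to do.
if [ -n "$4" ] && [ -n "$5" ]; then
    main "$4" "$5" || exit 1
fi
```

Parameters 1 to 3 are reserved by Jamf (mount point, computer name, username), which is why the admin credentials sit in 4 and 5 as the reply above suggests.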