Posted on 01-29-2020 05:21 AM
After restarting a certain MacBook Air, only the Administrator user appears. To log in as a different user, I first have to log in as administrator, then log off. Then it's possible to log in as the other users. Have tried every "login window" option in the JAMF profile, but the problem is not solved. Any tips?
Posted on 01-29-2020 05:37 AM
Was FileVault enabled?
Once it's turned on, it will only show (by default) users eligible to access the drive.
Posted on 01-29-2020 05:42 AM
Sounds to me like your "Administrator user" is the only Secure Token enabled user. Check to see that the Mac is FileVault enabled (encrypted). You'll need to pass Secure Token to the other profiles you want to be able to unlock the drive. I believe only the admin level accounts can get Secure Token. Apple's encryption model doesn't really work well in a shared-use, standard-account environment.
Posted on 01-29-2020 05:43 AM
Thanks. Checked FileVault - only adminuser was activated. I then activated the other user (also admin level) so this should be able to unlock the disk. Still only the "original" administrator account appearing after restart...
Posted on 01-29-2020 05:56 AM
On the Mac computer, open System Preferences > Security & Privacy.
Click the FileVault tab, and if necessary, unlock the padlock.
Click the Enable Users button and an account list pops up.
Click Enable Users to add and enter password of that user.
Posted on 01-29-2020 06:07 AM
Already tried - did not work..
Posted on 01-29-2020 10:52 AM
Have you tested deleting and manually recreating the account? Depending on your OS version, it will prompt the SecureToken enabled admin account to authenticate and create a token upon first login.
Posted on 01-29-2020 10:58 AM
You can do the same thing in Terminal using fdesetup commands.
sudo fdesetup add -usertoadd $username
you'll then get prompted for the username that's already got FV2 permissions,
the password for the user with FV2 permissions
and the password for the user you want to add.
If this is something you'll need to do a lot, I have a script that's attached to a Self Service policy that adds the logged-in user to FileVault.
Edit: The formatting is weird on this site. The fdeList= variable should have backticks around "fdesetup list | grep $userName"
#!/bin/bash
# https://www.jamf.com/jamf-nation/discussions/26608/adding-user-to-filevault-using-fdesetup-and-recovery-key

# Jamf policy parameters: $4 = short name of an account that can already
# unlock FileVault, $5 = that account's password.
adminName=$4
adminPass=$5

# Short name of the user logged in at the console (empty at the login window).
userName=$( scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}' )

# Refuse to run for the admin account. This check comes before the remove
# below so the admin is never taken off the FileVault list.
if [[ "$userName" == "$adminName" ]] ; then
    echo "Admin user is logged in."
    dialog="Do Not run this tool when logged in as Admin! Exiting!"
    cmd="Tell app \"System Events\" to display dialog \"$dialog\""
    /usr/bin/osascript -e "$cmd"
    exit 1
fi

# Drop any existing FileVault entry for the user before re-adding it.
fdesetup remove -user "$userName"

echo "prompting user for Account Password"
userPass=$(/usr/bin/osascript <<END
tell application "System Events"
activate
set the answer to text returned of (display dialog "Enter your Current Account Password:" default answer "" with hidden answer buttons {"Continue"} default button 1)
end tell
END
)

# Answer the fdesetup prompts; each reply ends with \r (Return).
expect -c "
spawn fdesetup add -usertoadd $userName
expect \"Enter the primary user name:\"
send ${adminName}\r
expect \"Enter the password for the user '$adminName':\"
send ${adminPass}\r
expect \"Enter the password for the added user '$userName':\"
send ${userPass}\r
expect"

# fdesetup list prints one "shortname,UUID" line per enabled user, so match
# on the short name followed by a comma rather than on the whole line.
fdeList=`fdesetup list | grep $userName`

if [[ "$fdeList" == "$userName,"* ]] ; then
    echo "$userName Filevault Password Updated successfully"
    dialog="$userName Filevault Password Updated successfully"
    cmd="Tell app \"System Events\" to display dialog \"$dialog\""
    /usr/bin/osascript -e "$cmd"
    exit 0
else
    echo "Adding $userName to FV2 Failed"
    dialog="Adding $userName to FV2 Failed"
    cmd="Tell app \"System Events\" to display dialog \"$dialog\""
    /usr/bin/osascript -e "$cmd"
    exit 1
fi
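To check the state the replies above describe (which accounts are on the FileVault unlock list), the following added example, which is not part of any post in this thread, compares the regular local accounts against `fdesetup list`. The function names are hypothetical, the sample account names and UUID-style values are constructed, and `--live` assumes it is run as root on the Mac itself.

```shell
#!/bin/bash
# Added example: list local accounts that have no FileVault entry and so are
# not offered at the login window shown after a restart.

# Print short names of regular accounts (UID >= 501) from the text of
# `dscl . list /Users UniqueID`.
regular_users() {
    printf '%s\n' "$1" | awk '$2 >= 501 { print $1 }'
}

# fv_missing FDE_LIST USER...
# FDE_LIST is the text of `fdesetup list`, one "shortname,UUID" per line.
# Prints every USER without an entry. Names are compared exactly, so "anna"
# is not satisfied by an entry for "annabel".
fv_missing() {
    local fde_list user
    fde_list=$1
    shift
    for user in "$@"; do
        printf '%s\n' "$fde_list" |
            awk -F, -v u="$user" '$1 == u { found = 1 } END { exit !found }' ||
            printf '%s\n' "$user"
    done
}

# Constructed sample output (not taken from the thread).
SAMPLE_DSCL='_spotlight               89
administrator           501
anna                    502
annabel                 503
nobody                  -2
root                    0'
SAMPLE_FDE='administrator,5A1B2C3D-0000-4000-8000-CONSTRUCTED01
annabel,5A1B2C3D-0000-4000-8000-CONSTRUCTED03'

# Run with --live as root on the Mac; otherwise the samples above are used.
if [ "${1:-}" = "--live" ]; then
    dscl_out=$(dscl . list /Users UniqueID)
    fde_out=$(fdesetup list)
else
    dscl_out=$SAMPLE_DSCL
    fde_out=$SAMPLE_FDE
fi

# Word splitting is intended: account short names contain no whitespace.
# shellcheck disable=SC2046
fv_missing "$fde_out" $(regular_users "$dscl_out")
```
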
Posted on 01-30-2020 03:32 AM
Thank you so much. Will try this out.