Only Administrator user appearing on login screen after restart.

New Contributor II

After restarting a certain Macbook Air, only Administrator user appears. To login as a different user, I first have to login administrator, then log off. Then it´s possible to login the other users. Have tried every "login window" option in JAMF profile, but the problem is not solved. Any tip ?


Contributor II

Was filevault enabled?

Once it's turned on, it will only show (by default) users eligible to access the drive.

New Contributor II

Sounds to me like your "Administrator user" is the only Secure Token enabled user. Check to see that the Mac is FileVault enabled (encrypted). You'll need to pass Secure Token to the other profiles you want to be able to unlock the drive. I believe only the admin level accounts can get Secure Token. Apple's encryption model doesn't really work well in a shared-use, standard-account environment.

New Contributor II

Thanks. Checked File Vault - only adminuser was activated. I then activated the other user (also admin level) so this should be able to unlock disc. Still only the "original" administrator account appearing after restart...

Valued Contributor

On the Mac computer, open System Preferences > Security & Privacy.
Click the FileVault tab, and if necessary, unlock the padlock.
Click the Enable Users button and an account list pops up.
Click Enable Users to add and enter password of that user.

New Contributor II

Already tried - did not work..

New Contributor

Have you tested deleting and manually recreating the account? Depending on your OS version, it will prompt the SecureToken enabled admin account to authenticate and create a token upon first login.

Contributor III

You can do the same thing in terminal using fdesetup commands.
sudo fdesetup add -usertoadd $username
you'll then get prompted for the username that's already got FV2 permissions,
the password for the user with FV2 permissions
and the password for the user you want to add.

If this is something you'll need to do a lot I have a script that attached to a self service policy that adds the logged in user to filevault.

Edit: The formatting is weird on this site. The fdeList= variable should have backticks around "fdesetup list | grep $userName"

#! /bin/bash

adminName=$4 adminPass=$5 userName=$( scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}' ) fdesetup remove -user $userName if [[ "$userName" == "adminName" ]] ; then echo "Admin user is logged in." exit 1 dialog="Do Not run this tool when logged in as Admin! Exiting!" cmd="Tell app "System Events" to display dialog "$dialog"" /usr/bin/osascript -e "$cmd" fi echo "prompting user for Account Password" userPass=$(/usr/bin/osascript<<END tell application "System Events" activate set the answer to text returned of (display dialog "Enter your Current Account Password:" default answer "" with hidden answer buttons {"Continue"} default button 1) end tell END) expect -c " spawn fdesetup add -usertoadd $userName expect "Enter the primary user name:" send ${adminName} expect "Enter the password for the user '$adminName':" send ${adminPass} expect "Enter the password for the added user '$userName':" send ${userPass} expect" fdeList=fdesetup list | grep $userName if [[ "$fdeList" == "$userName" ]] ; then echo "$userName Filevault Password Updated successfully" dialog="$userName Filevault Password Updated successfully" cmd="Tell app "System Events" to display dialog "$dialog"" /usr/bin/osascript -e "$cmd" exit 0 else echo "Adding $userName to FV2 Failed" dialog="Adding $userName to FV2 Failed" cmd="Tell app "System Events" to display dialog "$dialog"" /usr/bin/osascript -e "$cmd" exit 1 fi

New Contributor II

Thank you so much. Will try this out.