Prestage local admin volume owner

_aDiedericks
Contributor

Hi there,

Has anyone figured out a way to make the local admin account created in prestage into volume owner (post prestage)? The behaviour I've seen so far lines up with Apple's documentation on this topic, which is that the first user signed in gets the bootstrap token.
I know it's possible to manually grant the local account volume owner status, but that requires the current volume owner account details, which in our environment is the local accounts created by Jamf Connect, all as unique usernames and passwords, so this can't be scripted and automated directly.

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor II

I had worked with Apple on something in relation to this a few months back. Currently, volume owner and secure token generation are tied to interactive logins through the macOS login window. Until it can be "spoofed" with CLI, or added with an MDM or UEM command, there are no options. Though, from what I understand, Apple is working on adding a workflow to make these accounts Secure Token holders programmatically, which likely comes with volume ownership.


2 REPLIES

PaulHazelden
Valued Contributor

During my setup of a Mac, I create the administrator, and then set it to auto login. I have an app that drops really early in the build process that requires a reboot; this will sign in the admin account. Then, with the screen locked, I have another couple of apps to drop, one of which also requires a reboot. During their installation I then turn off the auto login, and as they reboot the Mac again, it will return to the login screen.
It gets complicated, as I use plists, EAs and inventory updates to check for the process progress, and to move the Macs into Smart Groups to make the whole thing work.