Secure Token issue with machines upgraded to 10.13 from 10.12

danbaver
New Contributor III

Greetings all.

I know at this point every time we see the term "Secure Token," we're ready to rip skin. However, I've encountered a specific issue about which I can't find any other ongoing discussions. Here's my scenario:

I'm in the midst of deploying FileVault encryption on all the Macs in my company. These are existing machines, not new machines. I have workflows that work for machines that were initially set up on High Sierra. My issue now is machines that were upgraded to High Sierra from a previous version of macOS.

From what I can tell, there aren't any users on these systems that have a Secure Token. (I have extension attributes set up that detect the secure token status of the 501 and 502 users, and neither shows as enabled.)

Has anyone else encountered this?


danbaver
New Contributor III

So I think I have the start of an answer:

When a pre-10.13 machine is upgraded to 10.13, no account is automatically issued a secure token. Instead, the first account that activates FileVault is given a secure token. So I created a new smart group for these machines, and will apply the same policy I use for the 10.12 machines to kick off FileVault.
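
An added example, not part of the thread or the poster's own scripts: one way to write the kind of extension attribute described above, reporting Secure Token state for the UID 501 and 502 accounts and flagging the upgraded-machine case where neither holds a token. It assumes the management tool reads a `<result>` value (as Jamf Pro extension attributes do); the function names `token_state` and `summarise` are hypothetical.

```shell
#!/bin/sh
# Added example: extension-attribute style check of Secure Token status.

# Classify the text printed by `sysadminctl -secureTokenStatus <user>`.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo "Enabled" ;;
        *"Secure token is DISABLED"*) echo "Disabled" ;;
        *)                            echo "Unknown" ;;
    esac
}

# Build the <result> line from "uid:state" pairs. When no checked account
# holds a token (the upgraded-from-10.12 case), say so explicitly so a
# smart group can match on it.
summarise() {
    if [ "$#" -eq 0 ]; then
        echo "<result>No UID 501/502 account found</result>"
        return 0
    fi
    summary=""
    any=0
    for pair in "$@"; do
        if [ "${pair#*:}" = "Enabled" ]; then any=1; fi
        summary="${summary}${summary:+, }${pair}"
    done
    if [ "$any" -eq 0 ]; then summary="${summary} (no token holder)"; fi
    echo "<result>${summary}</result>"
}

# On a Mac, query the real accounts; on any other system this is skipped.
if command -v sysadminctl >/dev/null 2>&1; then
    set --
    for uid in 501 502; do
        # First field of the first line of the search output is the short name.
        user=$(dscl . -search /Users UniqueID "$uid" | awk 'NR==1 {print $1}')
        [ -n "$user" ] || continue
        # sysadminctl writes its status line to stderr, so capture both streams.
        out=$(sysadminctl -secureTokenStatus "$user" 2>&1)
        set -- "$@" "${uid}:$(token_state "$out")"
    done
    summarise "$@"
fi
```
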