SecureToken admin - user who is no longer here

JefferyAnderson
Contributor

We have a device which has FileVault enabled and the SecureToken admin is an AD user who is no longer employed. Is there a way to change the SecureToken admin to our standard "admin" account that we have set up on all of our devices?

I can log in as admin, and admin is a FileVault enabled user, however the old employee's manager would like to be added as a user on this device, without wiping it. I have added him as a user, but I cannot enable his user account in FileVault without the SecureToken admin password.

2 REPLIES

koalatee
Contributor II

If your admin is a FileVault enabled user, it should have a token. When you are trying to add his user account in FileVault, are you unlocking the pref pane with the admin account? You need to unlock with an admin user with securetoken, but should be able to add.

sshort
Valued Contributor

To determine if a user has secureToken, run sysadminctl -secureTokenStatus $userNameHere

To grant secureToken (the admin granting secureToken must already have it), run sysadminctl interactive -secureTokenOn $userToEnable
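The check described in the replies above, as an added example that is not part of the original thread: it reports which accounts hold a SecureToken so you know which one can unlock the FileVault pane or grant a token. The function names are hypothetical, and the script assumes sysadminctl writes a status line containing "Secure token is ENABLED" or "Secure token is DISABLED" to stderr.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumption: sysadminctl reports status on stderr as
#   "... Secure token is ENABLED for user <name>" (or DISABLED).

# token_state USER: print ENABLED, DISABLED or UNKNOWN for one account.
token_state() {
    # 2>&1 because the status line goes to stderr; || true so an unknown
    # account does not abort a caller running under `set -e`.
    out=$(sysadminctl -secureTokenStatus "$1" 2>&1) || true
    case "$out" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# pick_granter USER...: print the first listed account that already holds a
# token (only such an account can grant one); return 1 if none does.
pick_granter() {
    for u in "$@"; do
        if [ "$(token_state "$u")" = ENABLED ]; then
            echo "$u"
            return 0
        fi
    done
    return 1
}

# report USER...: one "user<TAB>state" line per account, for a quick audit.
report() {
    for u in "$@"; do
        printf '%s\t%s\n' "$u" "$(token_state "$u")"
    done
}

# Typical use on the Mac in question (account names are placeholders):
#   report admin manager
#   granter=$(pick_granter admin) || echo "no listed account holds a token"
```

If `pick_granter` returns nothing for the local admin, the grant command from the reply above cannot succeed from that account.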