Smart Card Enforcement - Jamf Pro

Knight_Owl
New Contributor III

Happy Friday All,

So, I am testing a Smart Card configuration profile to Enforce Smart Card use; more specifically, I am currently testing the Use Case scenario of what happens if someone loses their Smart Card. So I attempt to remove the profile so that they could use their username and password to log in; however, the removal of the profile is not occurring, it is stuck in pending. Any tips or tricks that could help me solve this?

Our environment consists of:

  • On-Prem Jamf Server
  • Required VPN / Hardwired connection to the network to communicate with Jamf Server
  • Forced FileVault Encryption

From my test computer, which is locked out, I am hardwired and can ping the Jamf Server from recovery mode. I am wondering if because FileVault is enabled it cannot remove the profile because the disk is in an encrypted state. Not sure though. Any advice is appreciated. Thanks 

2 REPLIES

boberito
Valued Contributor

When a Mac is at FileVault it has no network connection so it'll never get the MDM command to remove the profile. You'll supply the person with the FileVault recovery key and hope their machine has a network connection at the OS login window.

Knight_Owl
New Contributor III

Hi Boberito,

That was my assumption too. However, it never prompts me for the FileVault Recovery Key. I think it is because I have the Enforce Smart Card use turned on, see the screenshot below. Any other ideas?

Screenshot 2023-08-14 at 7.23.53 AM.png