Jamf Nation Community

CraftyCilantro5 · ‎08-16-2024

Hello everyone not really a reach out for help but more informational.
Our company ticketing system has been getting a lot of reports once upgrading to 14.6 & 14.6.1 that their macs are slow to lock and their touchid no longer work or theres a huge delay. I myself upgraded and was affected.
Reading through some apple forums someone identified that the issue was with a configuration profile that sets the local device password policy. It uses the com.apple.mobiledevice.passwordpolicy payload type.

I went looking into our jamf instance and found a password policy configuration group and unscope my machine from it. I then locked my mac and both lock and touchid were back to instantly working. I rescoped the same policy back to my mac and boom delays again.

This is where things get complicated for our environment, we have conditional access policies set by intune that our macs register to for access to certain apps. Those conditional access policies are tied to our jamf password policy. So, modifying or removing it entirely is not practical for us.

Seems like its affecting more Managed Macs than personal ones.

telesignjamf · ‎09-11-2024

This command solved our problem. We created the policy for SSP so anyone can reset

"sudo dscl . deletepl /Users/$USER accountPolicyData history"

View solution in original post

jcx9228 · ‎08-26-2024

we experience the same. how did you solve it ?

CraftyCilantro5 · ‎08-27-2024

So far either lower the password rotation to whatever you deem good, I had luck below 4. Or if youre able to remove the profile entirely. (that may not be accomplishable depending on your org). Last option, wait for a patch to come out for MacOS. (so far these seem to be the only solutions)

swiercs · ‎08-27-2024

Following as we have the same issue and cannot remove our password policy profile

CraftyCilantro5 · ‎08-27-2024

Removing the password policy profile was the only way to rid ourselves of the logout \ appletouchID slowness. Our company has 8 password previous password rotation set, I was lowering them down one by one and i saw a significant difference in having a rotation of 4. instead of 8.
However, we still cant go down any lower than 8 in production.

Determine what your rotation limit is for your company and see if its possible to lower it?

telesignjamf · ‎09-11-2024

This command solved our problem. We created the policy for SSP so anyone can reset

"sudo dscl . deletepl /Users/$USER accountPolicyData history"

telesignjamf · ‎09-11-2024

Of course, after the command Restart is paramount.

swiercs · ‎09-11-2024

Command worked for me even without a restart.

CraftyCilantro5 · ‎09-12-2024

Thanks telesignjamf!

What helped us determine who was affected was this command. We saw very noticeable delays with users who Data String with more than 3.

dscl . -read /Users/$USER accountPolicyData
Then running
sudo dscl . deletepl /Users/$USER accountPolicyData history
removed the delay.
So far, since our password policy is managed by AD, and this command deletes it locally it doesnt appear to be affecting our company macs negatively. While this solves our issue this time, hopefully this is resolved with an OS Update otherwise it's only a matter of time before slowness returns. Our password cycles quite often.

Jamf Nation Community

Sonoma 14.6 & 14.6.1 TouchID and Lock screen delays