Users with secure tokens enabled do not appear at the login window

kevin5495
New Contributor III

After an MBP finishes User Initiated Enrollment and new users are granted a secure token with sysadminctl, they don't appear as a login option on an encrypted drive. My understanding is that I can enable or disable STs to control user options on the login screen. Am I missing something else?

3 REPLIES

seraphina
Contributor II

Have you read this blog post by Rich Trouton? https://derflounder.wordpress.com/2018/01/20/secure-token-and-filevault-on-apple-file-system/

Accounts created with a script/command line do not have an ST, and to grant one, the account must have one.
Are you using a policy in Jamf or doing so within System Preferences?

fredmin
New Contributor III

We had run into this issue with our computers that were bound to AD. The users were granted a secure token, but then didn't appear on the initial boot screen. By running sudo diskutil apfs updatePreboot / in Terminal we were able to resolve this issue.

And I will second @mlizbeth's recommendation to read Rich Trouton's blog. There is a wealth of information there!

kevin5495
New Contributor III

I have read Rich's excellent post on this, and then some. I should have read the comments too. Sudo diskutil... worked like a charm. Thank you, this saves my entire summer. I would say beers at Grumpy's but, alas, it's gone.
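A triage check for the symptom discussed in this thread, added as an example and not taken from any of the posts: it lists accounts that hold a secure token but are absent from the FileVault-enabled user list, which helps narrow down a missing login entry before applying the `diskutil apfs updatePreboot /` fix reported above. The function names, the `--live` switch and the sample accounts are hypothetical, and the script assumes `sysadminctl -secureTokenStatus` prints "Secure token is ENABLED/DISABLED for user ..." and `fdesetup list` prints one `user,UUID` per line.

```shell
#!/bin/sh
# Added example: report accounts that hold a secure token but are missing from
# the FileVault-enabled user list. Report-only; it changes nothing.

# True when `sysadminctl -secureTokenStatus <user>` output ($1) says ENABLED.
token_enabled() {
  case "$1" in
    *"Secure token is ENABLED"*) return 0 ;;
    *) return 1 ;;
  esac
}

# True when user $1 is in `fdesetup list` output ($2), one "user,UUID" per line.
in_unlock_list() {
  printf '%s\n' "$2" | cut -d, -f1 | grep -qxF -- "$1"
}

# stdin: one "user:sysadminctl output" row per account; $1: fdesetup list output.
# Prints every token holder that is absent from the FileVault list.
missing_from_login() {
  while IFS=: read -r user status; do
    [ -n "$user" ] || continue
    if token_enabled "$status" && ! in_unlock_list "$user" "$1"; then
      printf '%s\n' "$user"
    fi
  done
}

# Constructed sample data (not from the thread), in the assumed output formats.
demo_sample() {
  printf '%s\n' \
    'alice:sysadminctl[100:200] Secure token is ENABLED for user alice' \
    'carol:sysadminctl[100:201] Secure token is ENABLED for user carol' \
    'dave:sysadminctl[100:202] Secure token is DISABLED for user dave' |
    missing_from_login 'alice,00000000-0000-0000-0000-000000000001'
}

# Live check on macOS, run as root: sh check.sh --live
if [ "$(uname -s)" = "Darwin" ] && [ "${1:-}" = "--live" ]; then
  fv_list=$(fdesetup list)
  missing=$(dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}' |
    while read -r u; do
      printf '%s:%s\n' "$u" "$(sysadminctl -secureTokenStatus "$u" 2>&1)"
    done | missing_from_login "$fv_list")
  if [ -n "$missing" ]; then
    printf 'Token holders not in the FileVault list:\n%s\n' "$missing"
  fi
fi
```

An account that appears in both lists yet is still missing at the login window matches the stale-preboot case that the `updatePreboot` command in this thread addressed.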