What should typical login times be for Mac Network

imagejin
New Contributor

Hi there gurus,

 

Can anyone provide information on how a well functioning Jamf managed mac network should perform?  Especially in regards to user login times.  We've been plagued by slow login times for years but told by our IT support team that it's 'normal'.  In the worst case i've seen 5min+ delays from login to desktop.  We just got $100k of new M1 iMacs, and logins are still 2-3min from login to desktop.  It just doesn't seem right to me.  I used to have old 2010 macs not managed by Jamf, but bound to the directory, and they'd login in 30sec or less...

 

Anyone care to share some insight that I can push back with?

Thank you.

5 REPLIES 5

sdagley
Esteemed Contributor II

@imagejin That seems very excessive, but there's really no standard answer and the login time can be impacted by a number of factors. Are you using local logins or mobile accounts connected to AD? (If the latter you _really_ should stop doing that). What security agents do you have installed in your environment? Do you have any policies set to run on login?

One thing you might do to illustrate how the configuration for your managed Macs is re-image one, skip the enrollment process, and just create a local test account. Note the startup time for that and then start looking at everything your adding item by item to see if it's just cumulative or one item is causing the majority of slowness.

And while I said there's no standard answer for login time, my test M2 MacBook Air takes approximately 35 seconds from the time I enter my FileVault password to complete loading of my org's standard security tools (and there's a few of them) and connect to the corporate VPN. We use local logins synchronized to a user's AD account with the Kerberos SSO tool.

Jaykrishna1
Contributor II

Typical login times for a Mac on a network can vary based on several factors such as network speed, network infrastructure, and the specifications of the Mac device. In general, a login time of less than a minute is considered to be normal for a Mac on a network with fast and reliable connectivity. However, in cases where the network is slow or congested, the login time can be longer. It's also important to note that login times can be affected by other factors such as the number of network users, the size of the user's profile, and the presence of network security measures.

AJPinto
Esteemed Contributor

JAMF just places a configuration on the device, in this case probably the domain join. Network Accounts do not log in with JAMF in any way shape or form, that is all between your Mac and your AD Tennant. As far as how long it takes to log in. We have some domain bound devices, 1-2 minutes is not unheard of but is abnormally high. Non-domain bound Macs will log in after a few seconds. That being said, there is are a lot of variables on the network side to consider. 

 

You mention you just replaced a fleet of 2010 devices. I am going to wager they are running a very out dated version of macOS. Apple has been very vocal in their disapproval of domain binding, and Apple has been working actively on making it a worse experience in changes made to macOS. You could just be noticing the technical debt of still using Mobile Accounts.

 

My suggestions:

  • Attempt an offline log in. 
  • Have your network team perform a packet capture of the Mac while logging in. See what network chatter is happening when logging in.
  • Reconfigure one of your new Macs, but don't enroll it to JAMF and manually configure it. See if your experience improves. If it does improve look at the differences, are you missing a security agent, so on.

 

Ultimately, Apples direction is to get away from Domain Binding and using Mobile Accounts. Manage a Mac like a Mac and you wont have problems. Manage a Mac like a PC and you will have problems. Domain joining is a PC thing, not a Mac thing so you really need to get away from binding Macs.

SCCM
Contributor III

Devices being managed by jamf wouldnt cause that large time difference, unless they have alot of policies set to run on login (app updates / installs / reporting), and sending inventory updates.

Times would depend on the network connection type you LAN / wireless with 802.1x etc and how authentication works i.e. if there are any posture checks. Applications such as jamf connect can cause slower logins that the inbuilt apple login but 5mins +, are you sure this wasnt with a apple update or another software update during the same time?

imagejin
New Contributor

thank you for all the suggestions.  I will chat with my IT team and see if they can troubleshoot this.  local logins were fast before the were imaged and managed.  I couldn't say what policies and other security measures they are putting in place, nor if they are still binding them or not.  But I do know it is a primarily PC and microsoft driven infrastructure, and it may be that the macs are being forced into that setup.