"Again, if the very first user logging in is a local admin, it gets a
token" You're obviously very convinced of what you're saying, so there's
clearly no way I can convince you it's not true, but I'm sorry to say
it's not true. If it was, there would...
I think I may have found the issue. Our enterprise instance is 10.8
which we were told supported Mojave. I'm seeing information that
indicates you need 10.9 minimum to actually support Mojave's security
features. I've inquired with the enterprise adm...
We have tested many times on many machines fresh out of the box 10.14.3.
There are no VMs involved. That command and the sysadminctl command to
query users with tokens returns none. It would seem you have already
"scripted a fix" that is resolving th...
Sorry but your assertions do not match experience. The first account
logged in to after setup is the "additional admin" account made by the
pre-stage enrollment policy. That account does NOT get a token, and is
therefore not able to do anything, and ...