Hey there all!
Apologies for another topic about secure tokens. I really didn't see many comments about the situation I am currently in.
From the multiple articles I have read about secure tokens, including comments from this derflounder post, it appears that if no users have any enabled security token, you will be unable to enforce FV2. I have of course run:
sudo sysadminctl interactive -secureTokenStatus username
on every account and it seems to be "disabled". I tried to remove the Apple setup file in order to create a user from the GUI, but even then it will show that newly created user also as "disabled". At this point I am assuming I will need to erase the machine and set up the device with a proper user account. But I am wondering if this is still true? I only ask because I took one of the machines and noticed I had the ability to go into the GUI and manually enable FileVault 2 in the security preferences. I then selected the account I want to enable it for, had them enter their password, and it immediately started encrypting. So it sorta appears that even though these local users were disabled for security tokens, it still allowed me to enable them for FV via the macOS security preferences.
Is this odd behavior or has anyone else seen this? And potentially will this cause us major problems if we went ahead and did this? I would imagine if the GUI lets you turn it on and select the desired user, we are good to go, at least for the short term of getting it enabled for the handful of computers we need it for.
Thanks for your time