Need to Enable Secure Token, but don't know credentials

NickPlank
New Contributor

Happy Tuesday everyone!

I've got a question hopefully some of you have encountered and overcome.

We have a few computers with an account (local admin account) that have enabled secure tokens. Unfortunately, we do not know that account's password (inherited problem).

Does anyone know if I can somehow leverage Jamf Connect/Jamf Pro/magic to create a different account (with an enabled secure token) or somehow change the password of the account with the enabled secure token?

The machines aren't FileVaulted, and are still managed and talking to our JSS, so I can push whatever config profile/policies might help.

Thank you!

Nick

1 REPLY

AJPinto
Honored Contributor III

You can't. To modify the account of a Secure Token holder, you yourself need a secure token. You can't change the PW, delete the account or anything. All you can do is reinstall macOS.

If there was a local admin account on the device before the Secure Token was generated, but it has never logged in, you can log in with that account and it will automatically get a Secure Token.
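
Added example (not part of the thread and not Jamf's own code): a script that could be pushed as a policy to report, per local account, admin membership and Secure Token status, which is the inventory both posts depend on. The function names are hypothetical, the wording of the `sysadminctl -secureTokenStatus` and `dseditgroup` output is an assumption, and the sample records used off macOS are constructed.

```shell
#!/bin/bash
# Added example: inventory of local accounts, admin membership and Secure Token state.
# Assumption: sysadminctl prints "Secure token is ENABLED|DISABLED for user <name>".

TAB="$(printf '\t')"

# Classify one line of sysadminctl output.
token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo "ENABLED" ;;
    *"Secure token is DISABLED"*) echo "DISABLED" ;;
    *)                            echo "UNKNOWN" ;;
  esac
}

# Read "user<TAB>admin<TAB>raw status line" records on stdin, print one summary per user.
token_report() {
  while IFS="$TAB" read -r user is_admin raw; do
    [ -n "$user" ] || continue
    printf '%s admin=%s token=%s\n' "$user" "$is_admin" "$(token_state "$raw")"
  done
}

# Gather live records for accounts with UID >= 500 (macOS only).
collect_records() {
  dscl . -list /Users UniqueID | awk '$2 >= 500 {print $1}' | while read -r user; do
    # Assumption: dseditgroup answers "yes <user> is a member of admin" for members.
    case "$(dseditgroup -o checkmember -m "$user" admin 2>/dev/null)" in
      yes*) is_admin=yes ;;
      *)    is_admin=no ;;
    esac
    # sysadminctl logs to stderr, so merge the streams and keep the last line.
    raw="$(sysadminctl -secureTokenStatus "$user" 2>&1 | tail -n 1)"
    printf '%s\t%s\t%s\n' "$user" "$is_admin" "$raw"
  done
}

if command -v sysadminctl >/dev/null 2>&1; then
  collect_records | token_report
else
  # Constructed sample records so the parsing can be exercised off macOS.
  printf 'oldadmin\tyes\tSecure token is ENABLED for user oldadmin\nspare\tyes\tSecure token is DISABLED for user spare\n' | token_report
fi
```

An account reported as `admin=yes token=DISABLED` is a candidate for the never-logged-in admin account mentioned in the reply.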