![]() Because of this, the following workflow is possible: I observed this behaviour whether or not FileVault was enabled. Logging in with a second, different directory account following this does not present the dialog either. However, that would mean that the Mac must always be able to reach your directory service in order for users to log in, since network accounts aren’t cached (even if their home areas are local and do persist on disk).Īlso – I have observed that this dialog does not present when binding to a directory as part of the DEP Pre-Stage, skipping the local user account creation and logging in with a directory account as the very first user. System – SecureToken Dialog Bypass.mobileconfigĪs a footnote, another way to avoid this dialog would be to switch to network based directory accounts. Here’s a Configuration Profile that would do it:Ĭachedaccounts.askForSecureTokenAuthBypass The domain is and the key is a boolean: cachedaccounts.askForSecureTokenAuthBypass With the macOS 10.13.5 update, Apple quietly gave us a preference key to suppress it: For shared Macs in lab settings that are not encrypted with FileVault and never will be, this dialog is not necessary, as well as confusing.Moreover, if the Mac is not encrypted with FileVault, you won’t be able to enable it with that mobile account. If the Mac is encrypted with FileVault, you won’t be able to unlock it with your mobile account credentials. If you click Bypass, your mobile account is created and you’ll never see this dialog again.The context of SecureToken is quite technical, this dialog would be confusing to a lot of people.I think Apple has good intentions with this dialog, especially if you’re using mobile accounts in conjunction with FileVault – this gives us an easier way to grant users SecureToken without having to use sysadminctl. You can Bypass this to continue creating your mobile account, but you may not be able to log in with this account when the computer starts up until your administrator resolves this issue. ![]() Toubleshoot dictation on mac 10.13.4 password#it hasn’t been created yet and is logging in for the first time)Įnter a SecureToken administrator’s name and password to allow this mobile account to log in at startup time. If the account currently logging in will be a directory based mobile account (i.e.the one created during the Setup Assistant). If there is a local administrator account present that has logged in at least once (e.g. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |