Hey all!
I was managing a few options in settings on my Mac when a prompt appeared saying, ‘Authentication is disabled.’ My account has admin privileges, and I was able to log in to the device using my credentials (without using the fingerprint). Is anyone else experiencing this issue?
1039 Views
Hello @ronnie ,
I also encountered this issue while trying to authenticate for an OS update. I’m not sure if our scenarios are the same, but my account is a mobile account with admin privileges. Despite that, I still received the error message, “Authentication is disabled.” Could this be a bug on Apple’s side? Has anyone found a solution?
Hey @smedt ,
Mine is also a mobile account. So, is this an issue with mobile accounts? I tried unbinding and rebinding my AD domain, but it didn’t help. Are there any other solutions?
Hey @ronnie
This issue occurs due to a corrupt secure token. It can be resolved by revoking and regranting the secure token to the user account. You can use the following script to do this. First, log in to an existing local admin account, then execute the following script:
sysadminctl -secureTokenStatus
sysadminctl -secureTokenOff -password - -adminUser -adminPassword -
sysadminctl -secureTokenOn -password - -adminUser -adminPassword -
diskutil apfs UpdatePreboot /
After executing the script, reboot the device. This can resolve the issue.
I hope it helps.
Hey @finn ,
Thanks for the input, man. Is there a way to achieve this without logging into the account? The device I’m talking about is in a remote area, and I can’t really guide them through all these steps over the phone.
Hello @ronnie ,
Thanks for reaching out to us. I understand your situation with fixing a corrupted Secure Token. Finn, I appreciate your effort, man; those are some thoughtful insights you provided. Ronnie, if the device is remote and enrolled in Hexnode UEM, you can save the following script in a .sh file format and deploy it using Hexnode UEM’s Execute Custom Script remote action.
|
1 2 3 |
sysadminctl -secureTokenOff <enter_target_username_here> -password <enter_password_here> -adminUser <enter_admin_username_here> -adminPassword <enter_admin_password_here> </enter_admin_password_here></enter_admin_username_here></enter_password_here></enter_target_username_here> |
The script revokes the Secure Token for the specified user account using the device’s admin account credentials. Upon successful execution of the script, you can use the Grant Secure Token remote action to regrant Secure Token to the account.
After granting Secure Token you can use the Restart Device remote action to reboot the device.
I hope this resolves the issue. Please feel free to contact us if you need any further assistance. We are happy to guide you.
Regards,
George
Hexnode UEM
Don't have an account? Sign up
