Mouse doesn’t move at FileVault login screen in VMware Fusion macOS Mojave VMs
As part of working with FileVault on macOS Mojave, I’ve been using VMs running in VMware Fusion 11.x for testing. As part of that, I’ve seen a problem where the mouse doesn’t move when the VM has booted to the FileVault login screen. The keyboard responds and arrow keys can be used to select users, but the mouse itself is immovable and does not respond.
After some research, I ran across someone who had the same issue and found a workaround. For more details, please see below the jump.
Re-syncing local account passwords and Secure Token on FileVault-encrypted Macs running macOS Mojave
As part of FileVault on Apple File System, Apple introduced a new account attribute called Secure Token. As mentioned in a previous post, Secure Token can present some interesting problems for Mac admins who work with FileVault-encrypted laptops. Among the potential complications are these scenarios:
- “I changed the password for my local account, but only the old password is being taken at the FileVault login screen.”
- “We’ve lost the password to the only local user account with a Secure Token, so now we can’t enable any other accounts on this Mac for FileVault.”
Usually, this happens because the local account password in question was changed outside of the Users & Groups preference pane in System Preferences and now Secure Token and the account password are out of sync with each other.
Up until the past few days, the only fix I knew of for that situation was to back up the data and wipe the drive. However, it looks like there is a workaround for encrypted Macs which fixes the password problem and sorts out Secure Token in these scenarios. In both cases, a personal recovery key will be needed as the way to authorize the needed changes. For more details, please see below the jump.
Unable to enable FileVault on macOS Mojave
As part of FileVault on Apple File System, Apple introduced a new account attribute called Secure Token. Secure Token can present some interesting complications for Mac admins and among them is this scenario:
“The laptop is decrypted, but we can’t re-enable FileVault now.”
Usually, this happens because the account password was changed outside of the Users & Groups preference pane in System Preferences and now Secure Token and the account password are out of sync with each other.
Up until today, the only fix I knew of for that situation was to back up the data and wipe the drive. However, it looks like there is a workaround that fixes the password problem and sorts out the Secure Token attribute for the account on a decrypted laptop. For more details, please see below the jump.
Providing access to macOS software updates via Jamf Pro’s Self Service
For a number of OS releases, Apple made both macOS software updates and Mac App Store (MAS) updates available via the MAS Updates page. I was able to use this to provide an easy way for customers to check for available software updates using Jamf Pro’s Self Service.
As of macOS Mojave though, Apple moved macOS software updates to the Software Update preference pane in System Preferences.
Opening the Software Update preference pane will automatically trigger a check for available macOS updates, so it’s possible to approximate the previous behavior by running the following command without root privileges:
open /System/Library/PreferencePanes/SoftwareUpdate.prefPane
When this command is run via the command line, the following actions take place:
- System Preferences launches
- The Software Update preference pane automatically loads
- The Mac automatically checks for macOS updates.
For folks using Jamf Pro, this command can be leveraged to provide a way for customers to easily check for macOS software updates on their own schedule. For more details, see below the jump.
Detecting installed 32-bit applications on macOS Mojave
Over the past couple of OS releases, Apple has made it increasingly clear that 32-bit applications are on the way out. Starting with macOS High Sierra 10.13.4, launching a 32-bit application for the first time will result in a message similar to this being displayed:
macOS High Sierra 10.13.4 and later
macOS Mojave 10.14.x
When the Learn More… button in the alert window is clicked, the following Apple KBase article opens in your default web browser:
32-bit app compatibility with macOS High Sierra 10.13.4 and later
https://support.apple.com/HT208436
To help identify if and where 32-bit applications have been installed, you can use /Applications/Utilities/System Information.app‘s list of installed software to identify which installed applications show up with the following status:
64-Bit (Intel): No
To assist with automating this task, a script is available which uses the /usr/sbin/system_profiler command line tool to detect all 32-bit apps installed in /Applications, /Library or /usr/local and output the list to a logfile stored in /var/log. For more details, please see below the jump.
Building macOS installer disk images for virtual machines with create_macos_vm_install_dmg
A while back, I wrote a couple of scripts which built installers for Mac virtual machines:
However, Apple made some changes to the macOS installer starting in macOS Sierra 10.12.4 which broke the method I was using to build the installers. Recently though, I figured out that I could use Apple’s createinstallmedia tool to help me with building installers for Mac virtual machines again. After a substantial re-write, create_macos_vm_install_dmg is able to create bootable disk images for virtual machines running macOS Sierra, High Sierra and Mojave.
One change from the previous version of the create_macos_vm_install_dmg script is that the resulting installer no longer runs an automated installation. Instead, it will be necessary to follow the prompts to select the language and drive to install the OS onto. For more details, please see below the jump.
Unlock your FileVault-encrypted boot drive using Disk Utility on macOS Mojave
In the event that you need to unlock an unbootable FileVault-encrypted boot drive on macOS Mojave, it’s possible to do so using Disk Utility and the password to a FileVault-enabled account on the drive.
For more details, see below the jump.
Recent Comments