Archive for May 10, 2018

Detecting if a logged-in user on a FileVault-encrypted Mac has a Secure Token associated with their account

May 10, 2018

A challenge many Mac admins have been dealing with is the introduction of the Secure Token attribute, which must now be added to a user account before that account can be enabled for FileVault on an encrypted Apple File System (APFS) volume.

In my own shop, we wanted to be able to identify whether the primary user of a Mac had a Secure Token associated with their account. We did this so that:

  1. We could alert the affected help desk staff.
  2. We could work with our users to rebuild their Macs on an agreed-upon schedule where their data was preserved.
  3. We could hopefully avoid working with our users on an emergency basis where their data could be lost.

To help with this, we developed a detection script. For more details, please see below the jump.
