
IT & Apple Solutions for Business

Apple Secure Token

How to troubleshoot some updates due to credential errors

Have you ever tried to update a Mac from the Terminal, only for it to refuse and freeze? And when you try to update from system updates, does it tell you that your administrator credentials aren't correct?



This happens because the admin user you are using does not have the Secure Token active…



Here is a script that you can use in #JAMFPro to enable the Secure Token on macOS. Enabling it requires certain steps and privileges, because the Secure Token is designed to protect access to FileVault and other system security services. To enable the Secure Token for a specific user, you need access to an administrator account that already has the Secure Token enabled. Here's a basic Bash script you could use as a reference to enable the Secure Token for a user:


```bash
#!/bin/bash

# Variables
adminUser="adminName"         # Replace with the name of the administrator user
adminPassword="adminPassword" # Replace with the administrator user's password
targetUser="targetUserName"   # Replace with the name of the user who needs the Secure Token

# Function to enable Secure Token
enable_secure_token() {
  # Unquoted heredoc: the shell expands the variables before expect reads the script.
  # "-password -" makes sysadminctl prompt for a password instead of reading it from the arguments.
  expect <<EOF
spawn sudo sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenOn "$targetUser" -password -
expect "Password:"
send "$adminPassword\r"
expect eof
EOF
}

# Execute the function
enable_secure_token

# Verify the status of the Secure Token for the target user
sysadminctl -secureTokenStatus "$targetUser"
```



Important notes:



1. Expect: This script uses `expect`, a tool that automates interactions with programs that require user input. Make sure `expect` is installed on your Mac; you can install it using Homebrew with the command `brew install expect`.



2. Security: Never store passwords in plain text in your scripts. This script is for educational purposes only and should be used with caution. Consider more secure methods for managing passwords and credentials, such as using a keychain or secure environment variables.



3. Privileges: You need administrator privileges to run these commands successfully, and the administrator must have a Secure Token enabled to grant it to another user.



4. Compatibility: This script is designed for macOS High Sierra (10.13) onwards, where the concept of Secure Token was introduced.



5. Testing: Always test your scripts in a controlled environment before deploying them to production, especially when they manipulate security settings.



Make sure you adapt the script to your specific needs and fully understand each step before running it.
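A pre-flight check for the privileges requirement in note 3, as an added example that is not part of the original script: it reads the `sysadminctl -secureTokenStatus` output for both accounts and reports whether a grant is needed and possible before any password is used. The function names are hypothetical, the sample lines are constructed, and the parser assumes the status line contains `Secure token is ENABLED` or `Secure token is DISABLED`.

```bash
#!/bin/bash
# Added example: decide whether a Secure Token grant is needed and possible.

# Classify one status line. Prints ENABLED, DISABLED or UNKNOWN.
# Assumption: sysadminctl reports "Secure token is ENABLED|DISABLED for user <name>".
token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo ENABLED ;;
    *"Secure token is DISABLED"*) echo DISABLED ;;
    *)                            echo UNKNOWN ;;
  esac
}

# preflight <admin status output> <target status output>
# Returns 0 = grant needed and possible, 1 = nothing to do, 2 = cannot proceed.
preflight() {
  local admin_state target_state
  admin_state=$(token_state "$1")
  target_state=$(token_state "$2")
  if [ "$target_state" = ENABLED ]; then
    echo "target user already has a Secure Token"; return 1
  fi
  if [ "$admin_state" != ENABLED ]; then
    echo "admin user has no Secure Token and cannot grant one"; return 2
  fi
  if [ "$target_state" = UNKNOWN ]; then
    echo "could not read the target user's status"; return 2
  fi
  echo "ok to grant"; return 0
}

# Live query (macOS only); 2>&1 captures the status wherever sysadminctl writes it.
query_status() { sysadminctl -secureTokenStatus "$1" 2>&1; }

# Constructed sample output, used when sysadminctl is not available.
SAMPLE_ON='2024-05-01 10:00:00.000 sysadminctl[1234:56789] Secure token is ENABLED for user adminName'
SAMPLE_OFF='2024-05-01 10:00:01.000 sysadminctl[1235:56790] Secure token is DISABLED for user targetUserName'

if command -v sysadminctl >/dev/null 2>&1; then
  # Usage: script.sh <adminUser> <targetUser>
  preflight "$(query_status "${1:-adminName}")" "$(query_status "${2:-targetUserName}")"
else
  preflight "$SAMPLE_ON" "$SAMPLE_OFF"
fi
```

Run it before the grant and skip the `sysadminctl -secureTokenOn` step on any non-zero result, so the administrator password is never passed when the grant cannot succeed or is not needed.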


——-


Developed by SETEK Consultants

