Hi Mirko_. This is the answer I got from Mike Bombich (the first way is known: just trying to enable secure token user via terminal).
Mike B. (Bombich Software)
Nov 9, 2:04 PM EST
Hi Simon,
You tried the first of three solutions to that problem. If you're in this position again, please try the other two suggestions. Specifically:
Option #2:
If the procedure above does not work for you...
We found one other mechanism that seems to convince the system to generate the secure token. If you start the process to enable FileVault, but cancel it at the last moment, the system should create the secure token:
- Open the Security & Privacy Preference Pane in the System Preferences application
- Click on the FileVault tab
- Click the padlock icon in the lower-left corner to allow changes
- Click on the "Turn on FileVault..." button
- Choose the option to "Create a recovery key and do not use my iCloud account"
- I know you're getting nervous at this point that you're about to enable FileVault, but that's not going to happen yet as long as you choose the option to create a Recovery key. Click Continue.
- Click the Cancel button, then quit the System Preferences application
Option #3:
Only the macOS Setup Assistant has the ability to create the first secure access token, so follow these steps while booted from the volume you're trying to repair:
- Mojave+ only: Grant Full Disk Access to the Terminal application
- Open the Terminal application and run the following commands, substituting your own volume name as applicable:
sudo rm "/var/db/.AppleSetupDone"
sudo rm "/var/db/dslocal/nodes/Default/secureaccesstoken.plist"
- Restart the system
- Setup Assistant will ask you to create a new user. Create the new user account with default settings. A simple name like "tokenuser" will do, don't log in with an Apple ID.
- Immediately log out of the new user account, and log in using one of your own admin user accounts.
- Open the Terminal application and run the following commands, substituting your own user names as applicable:
sysadminctl -secureTokenOn youraccount -password - -adminUser tokenuser -adminPassword -
sysadminctl interactive -deleteUser tokenuser
Mike
Cheers.
Simon