In a business (remote) environment, it’s extremely useful so the device can connect back with the MDM console so I can (easily) get the employee back into their laptop after they lock themselves out of the account.
Without it, I have to do annoying shit like walking them through dropping into Single-user mode or some shit. Very annoying and a 5 minute process just became like a 1-2 hour ordeal depending on user skill level.
I’m just curious here, but what are your Mac users doing to lock their accounts so often that this has become such a recurring pain point?
I feel for you, ever since I got approval to move all our mac’s to kandji for management, I have less issues reported from Mac users than windows users.
you asked why it happens so often, I provided a possible explanation.
just yesterday we had a similar case where a usb ethernet adapter wouldn’t work on a locked device due to a similar issue, even if that one may be more logical.
especially when you have to follow an outdated password policy where people have to change their passwords at regular intervals you’ll have such cases more frequently than when they only need to set it once until a suspected compromise.
I honestly expected that to be exactly that, overly alternating (at least from a stand point of majority of users) passwords. I was just curious as the grievance felt very case specific.
That’s certainly a problem I thankfully do not encounter, our Mac users use their O365 logins just like our PC users. If they forget it, they don’t need my help changing or checking it. I haven’t encountered the wifi at login issue, though. That probably piqued my curiosity the most. Our Macs use web auth for login by default (with option to use locally cached password instead) and it requires an internet connection to work. If the mac’s couldn’t/didn’t connect, most wouldn’t be able to login. I could absolutely see this being an issue in a new place where no internet connection has been established before the issue, like a hotel or airport.
They all have a JIC hidden local account too, though. If OPs MDM tools include this option, it could be helpful for the cited scenario(s)
I typed an ironic comment into my last answer about exactly such a scenario but deleted it, assuming a local login would still be possible. Like a domain login where on a failed attempt to establish connection during login would load a local profile that would be synced upon connection.
Without remote access and the user locked out that can only be done through the MacOS recovery mode, if I’m already walking them through that mess might as well just reset their main account
For personal usage, there isn’t
In a business (remote) environment, it’s extremely useful so the device can connect back with the MDM console so I can (easily) get the employee back into their laptop after they lock themselves out of the account.
Without it, I have to do annoying shit like walking them through dropping into Single-user mode or some shit. Very annoying and a 5 minute process just became like a 1-2 hour ordeal depending on user skill level.
I’m just curious here, but what are your Mac users doing to lock their accounts so often that this has become such a recurring pain point?
I feel for you, ever since I got approval to move all our mac’s to kandji for management, I have less issues reported from Mac users than windows users.
the larger a company the more cases you’ll have in absolute numbers, even if the relative numbers stay the same
I understand and agree with you but I’m a bit confused, is that in reference to part of my comment?
you asked why it happens so often, I provided a possible explanation.
just yesterday we had a similar case where a usb ethernet adapter wouldn’t work on a locked device due to a similar issue, even if that one may be more logical.
especially when you have to follow an outdated password policy where people have to change their passwords at regular intervals you’ll have such cases more frequently than when they only need to set it once until a suspected compromise.
Thank you for the context.
I honestly expected that to be exactly that, overly alternating (at least from a stand point of majority of users) passwords. I was just curious as the grievance felt very case specific.
That’s certainly a problem I thankfully do not encounter, our Mac users use their O365 logins just like our PC users. If they forget it, they don’t need my help changing or checking it. I haven’t encountered the wifi at login issue, though. That probably piqued my curiosity the most. Our Macs use web auth for login by default (with option to use locally cached password instead) and it requires an internet connection to work. If the mac’s couldn’t/didn’t connect, most wouldn’t be able to login. I could absolutely see this being an issue in a new place where no internet connection has been established before the issue, like a hotel or airport.
They all have a JIC hidden local account too, though. If OPs MDM tools include this option, it could be helpful for the cited scenario(s)
I typed an ironic comment into my last answer about exactly such a scenario but deleted it, assuming a local login would still be possible. Like a domain login where on a failed attempt to establish connection during login would load a local profile that would be synced upon connection.
Yea, I have practically infinite options on Windows
But on MacOS those options are limited and rigid, this is why Windows will probably never be dethroned in the business space lol
You could turn on the guest account
Without remote access and the user locked out that can only be done through the MacOS recovery mode, if I’m already walking them through that mess might as well just reset their main account
Before they get locked out, I mean of course
deleted by creator
why not just use jamf or something
You still need an Internet connection…