Command to add a secure token to a macOS user account

If you run sysadminctl -secureTokenStatus firstuseraccount and see a secure token is enabled for that first account but run sysadminctl -secureTokenStatus seconduseraccount and see a secure token is not enabled for that second account, you can try adding a secure token to the second account, so it can turn on FileVault or become a FileVault-enabled account.

Try logging out of the second account and logging into the first account, and then running this command:

    sysadminctl -secureTokenOn seconduseraccount -password - -adminUser firstuseraccount -adminPassword -

You should be prompted first for the password to the first account, and then for the password for the second account.

If it worked, then sysadminctl -secureTokenStatus seconduseraccount should show a secure token enabled for the second account.

If, on the other hand, you get an error message like "Operation is not permitted without secure token unlock", you may have to wipe the Mac and reinstall macOS (I’d love to hear differently if folks have a working solution).
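The check, grant and re-check sequence above as one script, meant to be run from the first account's session. This is an added example, not code from the original post; the function names are hypothetical, and it assumes sysadminctl writes its status line to stderr in the form "Secure token is ENABLED for user ..." or "Secure token is DISABLED for user ...".

```shell
#!/bin/sh
# Added example. Assumption: sysadminctl reports status on stderr as a line
# containing "Secure token is ENABLED ..." or "Secure token is DISABLED ...".

# Classify the text returned by -secureTokenStatus.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo enabled ;;
        *"Secure token is DISABLED"*) echo disabled ;;
        *)                            echo unknown ;;
    esac
}

# Query the live status of one account (macOS only).
account_state() {
    token_state "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
}

# Decide the action from the two states: $1 = granting account, $2 = target.
plan() {
    if [ "$2" = enabled ]; then echo nothing
    elif [ "$1" = enabled ] && [ "$2" = disabled ]; then echo grant
    else echo blocked
    fi
}

main() {
    admin=$1
    target=$2
    action=$(plan "$(account_state "$admin")" "$(account_state "$target")")
    case "$action" in
        nothing) echo "$target already has a secure token"; return 0 ;;
        blocked) echo "cannot grant: $admin has no token, or status unreadable" >&2
                 return 1 ;;
    esac
    # "-" makes sysadminctl prompt, so neither password appears in the
    # command line or in shell history.
    sysadminctl -secureTokenOn "$target" -password - -adminUser "$admin" -adminPassword -
    # Succeed only if the target now reports a token.
    [ "$(account_state "$target")" = enabled ]
}

# Runs only when given both names: script firstuseraccount seconduseraccount
if [ "$#" -eq 2 ]; then main "$@"; fi
```

A non-zero exit after the prompts means the second account still reports no token, which is the failure case described above.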
