RESOLVED:
If any of you encounter these problems:
– you are logged into an admin account, but you cannot enable FileVault
– and/or there is a second account, which you simply cannot delete, even though you have the matching password:
use diskutil apfs listCryptoUsers /
and see which account(s) has a "secure token".
In my case, for some reason my main account (with admin rights) did NOT have a secure token, but the second account, which I only had created as a possible guest account, HAD a secure token.
I found this solution:
– upgrade the second account (which had the secure token) to admin status
And then follow this tip
"
I was getting the “Operation is not permitted without secure token unlock” message but was able to fix it without a wipe and reinstall for an account using this command:
sudo sysadminctl -adminUser "ourAdminAccount" -adminPassword "password" -secureTokenOn "localUser" -password "theirPassword"
which I found here:
This worked without me having to do a fresh install.
My main account now has a secure token and I was able to activate FileVault without a problem.
---------------------
Original post:
I am at my wits' end and would appreciate some help: I cannot activate FileVault, and I cannot delete a second account (non-admin) which I myself created and which is basically empty.
Background:
I am in the process of setting up a newly bought M3 Air. Not my first rodeo, never had issues (that I could not resolve) but stumped this time: I transferred my data from the old computer M1 Air via Time Machine. Everything works great, have put an effort into tweaking all the rest (thunderbird profile, etc. etc.).
Now: I noticed that FileVault was not enabled, and wanted to change that. Being logged into the main account (which has admin rights and is the only one with admin rights) I click the option, I enter my admin password, it is accepted, I can click "activate" and then .... nothing happens. Logging in and out afterwards, rebooting etc. have not worked. Doing this procedure in safe mode does not work, either.
Second (related?) issue:
I then tried to delete a second account which I set up for possible guests. I have the password for that second account, there is no Apple ID connected (let alone logged in) with that account, never used, just barebones, for *possible* future use. So deleting it with admin rights from the admin account should be easy, but:
After unlocking this option by giving my admin password I am then asked to enter the password that matches this second account. Fair enough – I created this password and have it. I know it works, because I can log into that second account without a problem. But it is not accepted when I am prompted to enter it in order to delete said second account.
What gives?
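Added example, not part of the original post: `diskutil apfs listCryptoUsers /` prints account UUIDs rather than account names, so this script joins that output with `dscl . -list /Users GeneratedUID` to show, per account name, whether it appears as a local crypto user (which the post reads as holding a secure token). The account names, UUIDs and sample output are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# Read `diskutil apfs listCryptoUsers /` output on stdin; print the UUIDs of
# entries typed "Local Open Directory User" (recovery users are skipped).
local_crypto_uuids() {
  awk '/^\+-- /{ uuid = $2 }
       /Type: Local Open Directory User/{ print toupper(uuid) }'
}

# $1: file with listCryptoUsers output
# $2: file with "name UUID" lines, as from `dscl . -list /Users GeneratedUID`
token_report() {
  uuids=$(local_crypto_uuids < "$1")
  while read -r name uuid; do
    case "$name" in ""|_*|root|daemon|nobody) continue ;; esac  # service accounts
    [ -n "$uuid" ] || continue
    state=no
    printf '%s\n' "$uuids" | grep -qixF "$uuid" && state=yes
    echo "$name secure-token=$state"
  done < "$2"
}

# Constructed sample mirroring the post: only the second account has a token.
demo() {
  d=$(mktemp -d)
  cat > "$d/crypto" <<'EOF'
Cryptographic users for disk3s1 (2 found)
|
+-- 11111111-2222-3333-4444-555555555555
|   Type: Local Open Directory User
|
+-- EBC6C064-0000-11AA-AA11-00306543ECAC
    Type: Personal Recovery User
EOF
  cat > "$d/users" <<'EOF'
_www            FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046
mainadmin       AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
guestaccount    11111111-2222-3333-4444-555555555555
EOF
  token_report "$d/crypto" "$d/users"
  rm -rf "$d"
}

if command -v diskutil >/dev/null 2>&1; then   # on a Mac: use live data
  d=$(mktemp -d); diskutil apfs listCryptoUsers / > "$d/crypto"
  dscl . -list /Users GeneratedUID > "$d/users"
  token_report "$d/crypto" "$d/users"; rm -rf "$d"
else demo; fi
```

An admin account reported as `secure-token=no` next to another account reported as `yes` is the situation described in the post.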