Hi everyone, these days I'm trying to enable the secureToken for a new user that is created via a script distributed by Intune. The script simply "demotes" the current admin of the machine and creates a new one. The problem arises at this point: the new admin created in this way has the secureToken set to DISABLED. I would like to enable it without having to log in with the newly created user (which would lead to enabling the token since the bootstraptoken is enabled). I also tried the following command:
sysadminctl interactive -secureTokenOn Administrator -password supercomplexpassword
but having the -interactive option requires the user to enter the username and password, which is very inconvenient.
I also tried the following 2 commands, but they fail to activate the secure token:
sysadminctl -secureTokenOn Administrator -password supercomplexpassword
sudo sysadminctl -adminUser "newmac" -adminPassword "NewPassword1" -secureTokenOn "Administrator" -password "supercomplexpassword"
Does anyone know other methods? Thank you very much for helping.