Happy New Year to everyone in the Apple Dev Forum.
I use Mac minis (Late 2014 to Late 2018) in the workplace.
Last week, I tried the user creation function in the latest version of Chef 15, but it failed because it tries to refresh a SecureToken-enabled account.
What is weird is that those Macs already have FileVault disabled, because the auto-login function is needed for the operation.
Of course, that account was an administrator at that time, so I made a whole new administrator account in the GUI,
and gave the new account a new Secure Token with `sysadminctl -secureTokenOn` in order to `-secureTokenOff` the originally secure-tokened account.
Now I can confirm via `diskutil apfs listUsers /` that 2 Secure Tokens exist on that machine, and those two accounts have Secure Token enabled.
I logged in with the new admin account and tried to disable the Secure Token for the original one, but it still failed with the message below.
```
sysadminctl[645:19930] Operation is not permitted without secure token unlock.
```
What is the proper way to 'unlock the secure token' in this case, and why should I STILL have to do so if FileVault is disabled?