FileVault Local Admin Account

sanjeewa
New Contributor

Need some help. Trying to automate "adding local admin accounts" to FV2 using Casper - policy. Workflow is:
- User account (network account) is made to a mobile account (done using Casper - works!)
- Enable FileVault (via Self Service) against the mobile account.

Not working: Using Casper, adding (additional) local admin accounts to FV2

Attempted this using policy - (local account), with the option "Enable user for FV2" checked.

But does not seem to work.... What am I missing?

Thank you


rtrouton
Release Candidate Programs Tester

@sanjeewa,

On these encrypted Macs, are you running 10.9.x and are you using the alphanumeric individual recovery key?

The reason I ask is that to enable a new account for FileVault 2, the computer must be running 10.9.x and have an existing, valid individual recovery key that matches the key stored in the JSS.

For more information, I recommend checking out JAMF's white paper on managing FileVault 2 on Mavericks:

http://www.jamfsoftware.com/resources/administering-filevault-2-on-os-x-mavericks-with-the-casper-su...

yellow
Contributor

Pretty late to the party, but in case others land here with a similar question:

If I correctly gather what you're asking, you're getting the users to enable FileVault initially, rather than your own management account as the initial enabler of FileVault.
Then you're trying to use a policy to add additional local admin accounts with the same policy, but getting an error.

Why? Because Casper doesn't know about what the password is to ADD other users to the FileVault encrypted disk. If it had been provisioned with your management account initially, this would work, no problem. But because Casper has no ability to unlock/authenticate to the encrypted drive to add a user, it fails.
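Added example (not from the original thread or from JAMF): a policy-style shell script that shows both points above in working form. It uses Apple's `fdesetup` tool directly: it checks whether the stored individual recovery key is still valid (rtrouton's precondition), checks whether the account is already FileVault-enabled, and only then adds the account by feeding `fdesetup add -inputplist` the credentials of a user who is already enabled (the secret yellow notes Casper lacks when the user, not the management account, was the initial enabler). The `fdesetup list` output embedded below is constructed sample data, and the account names, passwords and recovery key are placeholders; the plist key names follow the fdesetup man page.

```shell
#!/bin/sh
# Added example: enabling an extra local admin for FileVault 2 from a Jamf/Casper policy script.
# Assumes macOS 10.9+ where `fdesetup` exists. On any other system the fdesetup wrappers
# return status 2 instead of running anything.

# Constructed sample of `fdesetup list` output ("username,UUID" per line); not from a real Mac.
SAMPLE_FDE_LIST="jdoe,A1B2C3D4-0000-1111-2222-333344445555
localadmin,DEADBEEF-1234-5678-9ABC-DEF012345678"

# Return 0 if USER is listed as a FileVault-enabled user in LIST_OUTPUT, 1 otherwise.
fv_user_enabled() {
  user="$1"; list_output="$2"
  printf '%s\n' "$list_output" | cut -d, -f1 | grep -qx "$user"
}

# Build the plist that `fdesetup add -inputplist` reads on stdin: credentials of an
# already-enabled user (AUTH_USER) plus the account to add. Passing secrets via stdin
# keeps them out of the process list, unlike -usertoadd with a password argument.
build_add_plist() {
  auth_user="$1"; auth_password="$2"; new_user="$3"; new_password="$4"
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Username</key><string>${auth_user}</string>
  <key>Password</key><string>${auth_password}</string>
  <key>AdditionalUsers</key>
  <array>
    <dict>
      <key>Username</key><string>${new_user}</string>
      <key>Password</key><string>${new_password}</string>
    </dict>
  </array>
</dict>
</plist>
EOF
}

# Return 0 if RECOVERY_KEY (the alphanumeric individual key the JSS escrowed) still unlocks
# this Mac, 1 if fdesetup rejects it, 2 if fdesetup is not available here.
validate_recovery_key() {
  recovery_key="$1"
  command -v fdesetup >/dev/null 2>&1 || return 2
  printf '<plist version="1.0"><dict><key>RecoveryKey</key><string>%s</string></dict></plist>\n' \
    "$recovery_key" | fdesetup validaterecovery -inputplist
}

# Add NEW_USER to FileVault using AUTH_USER's credentials. Idempotent: skips users already enabled.
add_fv_user() {
  auth_user="$1"; auth_password="$2"; new_user="$3"; new_password="$4"
  command -v fdesetup >/dev/null 2>&1 || { echo "fdesetup not found; macOS only" >&2; return 2; }
  if fv_user_enabled "$new_user" "$(fdesetup list)"; then
    echo "$new_user is already FileVault-enabled; nothing to do"
    return 0
  fi
  build_add_plist "$auth_user" "$auth_password" "$new_user" "$new_password" | fdesetup add -inputplist
}

# Policy entry point. Jamf passes script parameters as $4..$11; here $4-$7 are assumed to be
# (authorizing user, its password, user to add, its password). Placeholders, not real secrets.
main() {
  add_fv_user "${4:-localadmin}" "${5:-AUTH_PASSWORD_PLACEHOLDER}" \
              "${6:-mgmtadmin}" "${7:-NEW_PASSWORD_PLACEHOLDER}"
}

# Only run the policy flow when executed directly, not when sourced for testing.
case "$0" in */sh|*/bash|sh|bash) ;; *) main "$@" ;; esac
```

The authorizing credentials have to belong to an account that is already FileVault-enabled (or be the valid recovery key); that is exactly what a policy cannot supply when an end user, rather than the management account, was the initial enabler. Run `validate_recovery_key` first to confirm the key escrowed in the JSS still matches the disk, and pass secrets in as policy parameters rather than hard-coding them.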