Help

Deleting the FileVault Institutional Key

bmarks
Contributor II

Posted on ‎10-21-2019 07:34 PM

Due to changes in the philosophy of our security team, we'd like the delete the institutional keys off of our Macs. I have read Rich Trouton's extensive blog posts on this topic, and it appears it can be automated somewhat using a .plist file pre-populated with either the user's password or the individual FileVault key.

Can anyone think of a way to do this silently and without user interaction if you don't know the user's password or individual key? I'd like to make this invisible to the user.

0 Kudos
4 REPLIES 4

gaoyajing0810
New Contributor II

Posted on ‎10-22-2019 11:58 AM

Have you tried using the ‘fdesetup’ command to manipulate the encryption, decryption, and decryption of the disk. Or close FileVault

Use jamf manage default administrator to close

0 Kudos

gaoyajing0810
New Contributor II

Posted on ‎10-22-2019 11:58 AM

Have you tried using the ‘fdesetup’ command to manipulate the encryption, decryption, and decryption of the disk. Or close FileVault

Use jamf manage default administrator to close

0 Kudos

gaoyajing0810
New Contributor II

Posted on ‎10-22-2019 11:58 AM

Have you tried using the ‘fdesetup’ command to manipulate the encryption, decryption, and decryption of the disk. Or close FileVault

Use jamf manage default administrator to close

0 Kudos

bmarks
Contributor II

Posted on ‎10-22-2019 07:57 PM

We manage FileVault with a configuration profile, so fdesetup can't be used to disable FV.

0 Kudos