I'm trying to solve the puzzle of "deferred enablement" in deploying an individual key configuration to 10.8 machines via self service.
Seems that if a user does anything but immediately log out after the 10.8 encryption policy is run from self service, the machine goes into deferred enablement. I verified this using the following command:
sudo fdesetup status
For example, when they see the logout message, most users try to be good citizens and close applications/windows. This seems to defeat the rest of the process and no amount of restarting will nudge the machine out of this state. As far as I can tell, the policy needs to be run again and once it completes, the user must immediately log out. If he/she closes open applications and windows, we'll be stuck in the loop again. The question is:
Once a machine reaches a state of deferred enablement, how do we close the deal?
In my experience, logouts and restarts do not help if the user doesn't complete the process in the proper sequence without adding any of his/her own steps. Do I have to depend on the user to run the policy again...and correctly?
First post and new to Casper. Thanks for any help!
