Filevault 2 & Installing packages

Hi @Kyuubi,

At that stage, the machine is booted into what's called the pre-boot login window. The machine is actually booted from the Recovery HD (which is one of the reasons you need a Recovery HD to enable FV2), not the main OS. For that reason, you will not be able to install packages from Casper until a FV2 enabled user has authenticated to unlock the boot drive, and the machine has booted into the OS.

Hope that helps!
-Kitzy

Thats what I thought. That sucks. So software that requires a reboot effectively locks that machine up until a user logs into it and the OS loads. That is going to need to be changed.
Thanks @RobertHammen

@Kyuubi

Definitely have a look at the Apple kbase article that @RobertHammen linked. It sounds like an authenticated restart is what you're after. You can find an option for authenticated restart under the restart options in a policy.

Hope that helps!
-Kitzy

@kitzy

Thanks for that and pointing back to RobertHammen. I totally bypassed his link and the authenticated user login. I'll be looking into that now. Thanks again fellas

@kitzy

Do you know if the option for authenticated restart is in v. 9.60? I can't find it. That'll be a reason to upgrade because FV2 isn't going anywhere and I need that functionality.

authenticated restart (or authrestart) is an fdesetup function. Is it also something that can be called from the JSS? I don't think it is, but if so, I wasn't aware of that.

I'm not sure exactly what version the option appeared, but I can confirm that it's available in v9.65.

Wasn't even aware of that option. I must have missed that memo :)
Its there on our 9.63 JSS, so it goes back at least to that version, but perhaps earlier. That's a good one to know about.
I also see that Casper Remote 9.63 has the same checkbox in it. The 9.61 version I had lying around does not have that option, so my assumption is version 9.61 of the JSS didn't have the ability to do this.