Is it possible to install packages via Casper v 9.6 to a machine that is encrypted using FileVault 2 and has been rebooted and stuck at the "login window" FV2 throws up there? Has the OS loaded enough to install packages from Casper?
Thanks in advance.
Nope, you're at the pre-boot authentication window. That's when you've started up from Recovery. The JAMF agent hasn't loaded.
What you want is authenticated restart, which works on specific hardware:
https://support.apple.com/en-us/HT202918
Hi @Kyuubi,
At that stage, the machine is booted into what's called the pre-boot login window. The machine is actually booted from the Recovery HD (which is one of the reasons you need a Recovery HD to enable FV2), not the main OS. For that reason, you will not be able to install packages from Casper until a FV2 enabled user has authenticated to unlock the boot drive, and the machine has booted into the OS.
Hope that helps!
-Kitzy
Thats what I thought. That sucks. So software that requires a reboot effectively locks that machine up until a user logs into it and the OS loads. That is going to need to be changed.
Thanks @RobertHammen
Definitely have a look at the Apple kbase article that @RobertHammen linked. It sounds like an authenticated restart is what you're after. You can find an option for authenticated restart under the restart options in a policy.
Hope that helps!
-Kitzy
Thanks for that and pointing back to RobertHammen. I totally bypassed his link and the authenticated user login. I'll be looking into that now. Thanks again fellas
Do you know if the option for authenticated restart is in v. 9.60? I can't find it. That'll be a reason to upgrade because FV2 isn't going anywhere and I need that functionality.
authenticated restart (or authrestart) is an fdesetup function. Is it also something that can be called from the JSS? I don't think it is, but if so, I wasn't aware of that.
I'm not sure exactly what version the option appeared, but I can confirm that it's available in v9.65.
Wasn't even aware of that option. I must have missed that memo :)
Its there on our 9.63 JSS, so it goes back at least to that version, but perhaps earlier. That's a good one to know about.
I also see that Casper Remote 9.63 has the same checkbox in it. The 9.61 version I had lying around does not have that option, so my assumption is version 9.61 of the JSS didn't have the ability to do this.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.