
I'm trying to test the password recovery option with FileVault, where you type your password incorrectly three times at the boot login. I get the prompt to enter the recovery key, I enter it and then it boots to the login screen where I'm prompted to enter a new password for my encrypted user. I enter a new password and it just shakes it off. I'm forced to enter my actual password.

This is a MacBook Pro running 10.9 and I used JSS v9.2 to set up FileVault 2 with an individual key and institutional key. This is an AD bound user with a mobile account (which now that I think about it, might have something to do with the problem).

Summoning @rtrouton

EDIT: I enabled a second standard user with FileVault and tried this with that user and I was able to reset the password. So, the issue seems to be with the AD bound user only.

Found another thread on the topic: https://jamfnation.jamfsoftware.com/discussion.html?id=7400

I don't think this is possible with AD accounts, as you'd have to provide the correct password in order to change it.
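Added example, not from anyone in this thread: a small helper an admin can run before testing the recovery-key flow, to see which FileVault-enabled accounts are AD mobile accounts (and so will not accept a new password at that prompt) versus plain local accounts. It assumes `fdesetup list` prints one `user,GeneratedUID` line per enabled user and that a mobile account's directory record carries an `OriginalNodeName` mentioning "Active Directory"; the sample output below is constructed.

```shell
#!/bin/sh
# Classify FileVault-enabled users as "local" or "mobile" (AD cached account).
# On a Mac, run:  classify_fv_users "$(fdesetup list)" "$(mobile_users)"
# The parsing is plain shell so it can also be exercised on captured text.

# Print the short names of mobile (AD-cached) accounts under /Users.
# Assumption: dscl reports "OriginalNodeName: /Active Directory/..." for them.
mobile_users() {
  for home in /Users/*; do
    u=${home##*/}
    dscl . -read "/Users/$u" OriginalNodeName 2>/dev/null \
      | grep -q 'Active Directory' && echo "$u"
  done
}

# $1: output of `fdesetup list` (one "user,uuid" line per FileVault user)
# $2: newline-separated list of mobile account names
# Prints "<user> local" or "<user> mobile", one line per FileVault user.
classify_fv_users() {
  printf '%s\n' "$1" | while IFS=, read -r user uuid; do
    [ -n "$user" ] || continue                       # skip blank lines
    if printf '%s\n' "$2" | grep -qxF -- "$user"; then
      echo "$user mobile"     # recovery-key reset will not take a new password
    else
      echo "$user local"      # recovery-key reset works as expected
    fi
  done
}

# Constructed sample data standing in for real `fdesetup list` / dscl output.
SAMPLE_FDESETUP='admin,00000000-0000-0000-0000-000000000001
jdoe,00000000-0000-0000-0000-000000000002'
SAMPLE_MOBILE='jdoe'

classify_fv_users "$SAMPLE_FDESETUP" "$SAMPLE_MOBILE"
```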


I thought I would share a simple script that helps migrate this...



#!/bin/bash
#
# migrateNetLocalhomeToLocalHome - This script is meant for users that have local home directories but are
# network based, and we want to move them to local home directories with a locally cached AD user account
# (aka mobile user).
#

######################### Username is needed to start this migration ##################

# Replace "$4" with the actual username if you're running this through ARD
username="$4"

# Stop early rather than running createmobileaccount with an empty name
if [ -z "$username" ]; then
    echo "No username supplied (expected in \$4)" >&2
    exit 1
fi

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n "$username" -h "/Users/$username" -S -v

######## NOTE: The below lines are not applicable if the user has been added as a local admin within Active Directory. ###########
# Add this user to local admin group
# dscl . -append /Groups/admin GroupMembership "$username"