just curious if anyone has ran into this scenario.
before purchasing jamf, i already had filevault enabled for my mac users, I was saving the recovery key to a safe somewhere in our environment.
now that i have jamf, i want jamf to manage those keys with its filevault profile. would i need to decrypt my devices? and re-encrypt upon enrollment so that jamf can manage those encryption keys?
Hello.
I recommend that you reissue FileVault keys and escrow them in Jamf, as per your request.
To achieve that you have to:
• Create a configuration profile that explicitly escrow FV keys to Jamf ;
• Create a script to reissue key (continue reading...) ;
• Create a policy to reissue key ;
Here's a link for the how-to!
https://hcsonline.com/support/white-papers/how-to-reissue-a-recovery-key-for-filevault
:-)
Welcome aboard!
@dpv_bnc Thank you for the clear instruction. This has been successfully deployed at my company.
Hello.
I recommend that you reissue FileVault keys and escrow them in Jamf, as per your request.
To achieve that you have to:
• Create a configuration profile that explicitly escrow FV keys to Jamf ;
• Create a script to reissue key (continue reading...) ;
• Create a policy to reissue key ;
Here's a link for the how-to!
https://hcsonline.com/support/white-papers/how-to-reissue-a-recovery-key-for-filevault
:-)
Welcome aboard!
This is amazing. I had found this script a couple days ago but the Whitepaper is awesome! Step-by-Step.
Thank You,
VickiH
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.