Skip to main content
Question

FileVault - Some Users are not able to unlock the disk

  • January 6, 2020
  • 5 replies
  • 103 views
O
Forum|alt.badge.img+14

Hi

We are transitioning to enabling FileVault by Configuration Profile once Mac is enrolled via DEP.

All is well, except we cannot add other authorized users to fileVault using the FileVault System Preferences --> Enable Users button.

I just click the "Enable Users" button and it does nothing.

Any ideas??? What is best practice for getting an end user and a local admin account enabled for FileVault.

We are testing with Mojave 10.14.6

    5 replies

    R
    Forum|alt.badge.img
    • rmorris
    • New Contributor
    • February 13, 2020

    Hi ooshnoo,

    Did you resolve the above issue? I am new to JamfPro and I am seeing the same behavior.

    Thanks
    Rob

    T
    Forum|alt.badge.img+10
    • tjhall
    • Contributor
    • February 13, 2020

    This is usually down to the Mac's being imaged the old way which means the admin account wasn't provided with a secure token. There are possibly ways around it (good info here https://travellingtechguy.eu) but best way is to wipe and re-install MacOs from scratch using the MacOs installer (https://www.jamf.com/blog/reinstall-a-clean-macos-with-one-button/?keywords=eraseinstall)

    R
    maheshveldandi
    Forum|alt.badge.img+8

    While turning on File-Vault getting error “there was a problem enabling FileVault’.One more error Defferred enablement appears to be activate for user '1-user'.. Suggest the ways to resolve the issue.

    atomczynski11
    Forum|alt.badge.img+18
    • atomczynski11
    • Jamf Heroes
    • February 21, 2020

    I was recently working on a machine where the Managed / Mobile user had the token but the local account did not.
    I've used this script to pass the SecureToken to the local user.

    https://github.com/koalatee/scripts/blob/master/jamf/NewUserSetupAPFS.sh

    While this may not fix the root cause, you might be able to get by to make the device usable.

    D
    D
    Forum|alt.badge.img+7

    I was recently working on a machine where the Managed / Mobile user had the token but the local account did not.
    I've used this script to pass the SecureToken to the local user.

    https://github.com/koalatee/scripts/blob/master/jamf/NewUserSetupAPFS.sh

    While this may not fix the root cause, you might be able to get by to make the device usable.


    Thank you! The script has moved slightly. But once I found it, created a policy to execute it, it worked like a charm!

    https://github.com/koalatee/scripts/blob/master/macOS/NewSecureTokenUserSetup.zsh

    Terms & ConditionsCookie settingsAccessibility statement