The last few High Sierra machines we have deployed I have noticed that after setting up Encryption and its completion, on the Filevault window it says Some Users are not able to unlock the disk. When I click on Enable users and login as the AD/Mobile User I get the check mark like all is good but after I reboot they are not enabled again. I have even tried to manually provide them with a SecureToken using the sysadminctl commands and after reboot same thing. Is there something wrong or what are the affects of a user not being enabled to unlock the drive?
Question
FileVault2 Enabled Users High Sierra
+6
+18Make sure to run "diskutil apfs updatePreboot /" after adding users (we do this programmatically post sysadminctl user add).
+6Whats odd is I would expect if the user is truly not able to unlock the disk it should ask for a disk password correct? The user can login as normal and you can watch the progress bar run its course and get into the users desktop.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.