
Non-admin users able to disable FileVault themselves??

  • February 19, 2015
  • 3 replies
  • 24 views


So I got a notice today from the JSS saying that a user's machine had FileVault disabled. I did not disable it, so I went to investigate. The user said, "Oh yeah, this morning I was impatient waiting for my computer to boot, so I shut it off, and then I turned it back on and it gave me 3 options about logging in... so I put in my password and then it restarted and I could log in again!" So I walked through the steps, and what she did was reboot to the recovery partition, where entering her user password decrypted the drive and removed it from FileVault and rebooted the machine.

This is the first I'm seeing this. Am I crazy for thinking this is something that Apple seriously overlooked or something? I don't want users to be able to completely disable FileVault! I don't let them do that through System Preferences, why would I want them to through recovery?

3 replies

  • Contributor
  • February 19, 2015

Interesting. There are too many things that can be done to the Mac if you don't have an EFI password in place; I certainly see it as a requirement in our environment.


  • Honored Contributor
  • February 19, 2015

There are many ways a user can disable FileVault. Unfortunately, from experience, the best method is policy: making sure they know FileVault must be enabled.

Further implementing something like: https://github.com/loceee/OSXCasperScripts/tree/master/FVHelper can help.

Now to disable access to recovery, putting in a firmware password goes a long way. When the machine's booted, there are three or four different ways: fdesetup, Disk Utility, right-clicking "Decrypt", or going into security & preferences.
A few of those don't require admin access to do so.
- RD
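
Added example, not from any poster in this thread or from the linked FVHelper project: a shell script usable as a JSS extension attribute that reports FileVault and firmware-password state together, so a decrypt started from Recovery shows up in inventory. The function names are hypothetical, and the matched strings assume the usual wording of `fdesetup status` and `firmwarepasswd -check` output.

```shell
#!/bin/sh
# Added example: classify FileVault and firmware-password state for inventory.
# The classify_* functions take the tool's text output as an argument, so they
# can be exercised on constructed samples without a Mac.

classify_fv() {
    # $1 = output of `fdesetup status` (wording is an assumption, see lead-in)
    # Check the in-progress states first: they appear alongside On/Off lines.
    case "$1" in
        *"Decryption in progress"*) echo "DECRYPTING" ;;
        *"Encryption in progress"*) echo "ENCRYPTING" ;;
        *"FileVault is On"*)        echo "ON" ;;
        *"FileVault is Off"*)       echo "OFF" ;;
        *)                          echo "UNKNOWN" ;;
    esac
}

classify_fw() {
    # $1 = output of `firmwarepasswd -check`
    case "$1" in
        *"Password Enabled: Yes"*) echo "SET" ;;
        *"Password Enabled: No"*)  echo "NOT_SET" ;;
        *)                         echo "UNKNOWN" ;;
    esac
}

compliance() {
    # $1 = FileVault state, $2 = firmware-password state
    if [ "$1" = "ON" ] && [ "$2" = "SET" ]; then
        echo "Compliant"
    elif [ "$1" = "DECRYPTING" ] || [ "$1" = "OFF" ]; then
        # The case from the original post: the volume is being or has been decrypted.
        echo "FileVault $1 (firmware password $2)"
    else
        echo "Review: FileVault $1, firmware password $2"
    fi
}

# On a Mac (run as root), print the value inside the <result> tags that a
# JSS extension attribute reads. Skipped where fdesetup is not installed.
if command -v fdesetup >/dev/null 2>&1; then
    fv=$(classify_fv "$(fdesetup status 2>&1)")
    fw=$(classify_fw "$(firmwarepasswd -check 2>&1)")
    echo "<result>$(compliance "$fv" "$fw")</result>"
fi
```

A smart group on any value other than `Compliant` gives the same kind of notice the original poster received, plus whether a firmware password was in place at the time.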


  • Hall of Fame
  • February 20, 2015