Still getting the prompt to enable filevault encryption on MacBook Pro running Yosemite
after removal of "jamf" ?? Would anyone know what is the cause and how to remove ??
Question
Prompting to enable FileVault
+1
+11How did you "remove jamf" from the machine.. Did you remove framework from the terminal, and also removed out of JSS?
+13I had the same issue for several months, both with Yosemite and El Capitan.
The 10.11.4 update solved it for me.
+16Yep there is a thread about this floating around or in a thread about FV... it was sort of left as an Apple issue..
C
+15That's because the Mac is set to enable FileVault. Removing JAMF doesn't remove that command. I believe 'fdesetup disable' will cancel it though.
+13fdestup -disable would only work short term for me. The only permanent solution I have found is 10.11.4.
+11I have yet to experience that issue... Normally if I unenroll a machine and remove from the JSS, they wouldn't get the policies for FileVault2..
+13Yeah at first I also thought it was a Casper thing. But I would remove the JAMF framework and also remove the devices from the JSS, and would still get the prompt.
I have a test box with a small SSD (i.e. fast encryption) I can test this with. I've been meaning to confirm my findings anyway. This drove me nuts for quite some time.
+5try hosing the /Library/Preferences/com.apple.fdesetup.plist (if there is one). I think @thoule & I figured out at some point it was being a PITA.
+13OK so I did my little test and threw in @themonger13's suggestion into the mix.
- Lay down 10.10.5 Yosemite & create local admin accountl.
- Enroll in JSS. A hidden management account is created on enrollment.
- Scope FiveVault2 via policy in Self Service to this box.
- Recon (for no good reason).
- Remove Mac from JSS.
- Remove framework.
- Disable FileVault2 and let decryption process complete.
- Reboot and log in to local admin account - and get prompted to reenable FileVault2 (without a second account to log in to it would be necessary to reenable FileVault2).
- Cancel and return to login screen.
Log in to invisible management account. No prompt.
Delete /Library/Preferences/com.apple.fdesetup.plist.
- Reboot and log in to local admin account - no prompt for FileVault.
It seems @themonger13's suggestion works.
Press on to confirm whether or not El Capitan 10.11.4 corrects the problem:
- From the original local admin account reenable FV2 via Self Service.
- Let encryption complete.
- Disable FV2 and let decryption complete.
- Reboot.
- Log in to original local admin account and again get prompted to reenable FV2.
- Deny and log in to second local admin account.
- Confirm /Library/Preferences/com.apple.fdesetup.plist is present.
- Upgrade to El Capitan 10.11.4 through Self Service.
- Attempt to log in to first local admin account - get the steenking prompt. So much for the 10.11.4 solution.
Log in to second local admin account and delete /Library/Preferences/com.apple.fdesetup.plist.
Problem gone.
@themonger13 wins the beers.
+24The underlying reason is that Casper just initiates the change. Once it's set to enable, the rest is internal to the OS. You have to remove the plist to tell the OS to no longer enable.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.