I inherited a pretty banged up Jamf environment and im looking for a way to re-escrow 103 users’ personal recovery keys. I know how I can do this on the Mac itself, but im wondering if theres a safe way for me to do this in bulk. Thanks!
Question
Re-escrow macs in bulk
+1
+11Hi Nick, you may look into this Escrow buddy
Also, you may want to google it - YouTube videos available
https://github.com/macadmins/escrow-buddy
+16Escrow Buddy was also recommended to us back when there was a PI about Jamf incorrectly identifying escrowed keys as invalid.
+11Check this manual, we still running every week one every Mac
Â
+1 to the Escrow Buddy suggestions — that’s been the safest “bulk” approach I’ve seen for re-escrowing PRKs without requiring hands-on.
Â
In Jamf Pro itself, the other angle is to make sure your FileVault configuration is set up to rotate/escrow the Personal Recovery Key (PRK) when it’s detected as missing/invalid, and then trigger that workflow via a policy/scope.
Â
If it helps, here’s a quick overview of how key escrow + rotation typically fits together (and what to check when keys show as missing): [Apple FileVault Policy](https://help.swif.ai/en/articles/7224706-apple-filevault-policy)
Â
If you share your Jamf Pro version + whether you’re using the built-in FileVault configuration/profile (or a custom one), folks can usually point to the exact rotate/escrow path that matches your setup.
+11Yeah, my escrow buddy policies run on a regular basis. works like a charm.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.