Admin account password is incorrect - admin account is FileVault-enabled user

inflicted
New Contributor II

 

 

I'm in a situation where I cannot log on to the local admin account that was created when it went through the prestage enrollment. Our encryption policy essentially made that local admin user a FileVault user, but in JAMF, it still shows as not encrypted. Typically, I would just need to log on to that user from the login screen or terminal, but it all shows me the password as incorrect. I tried resetting the password in recovery mode (it asks for the admin account password, which I don't know), and I tried the local account payload for resetting, deleting, and disabling the FileVault user, but they all returned errors and were unsuccessful. Is there any way to navigate this?

2 REPLIES

NickGuru
New Contributor III

I had the same dilemma.
I went into Jamf to get the FileVault Recovery Key, which would be the passphrase.
To get the user UUID, go into Terminal and run these commands, or create a policy in Jamf and look at the logs for results:
diskutil apfs list
diskutil apfs listUsers /dev/disk2s1
diskutil apfs listcryptousers /dev/disk2s1

The script.

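#!/bin/bash
# List APFS containers and volumes to find the encrypted volume's device node
diskutil apfs list
# List the cryptographic users (and their UUIDs) on the volume
diskutil apfs listUsers /dev/disk2s1
diskutil apfs listcryptousers /dev/disk2s1
# Show the FileVault-enabled users
sudo fdesetup list
# Decrypt the volume with the user UUID and the recovery key as the passphrase
diskutil apfs decryptVolume /dev/disk2s1 -user 1278ECD9-91BA-4782-9B05-9715E26F77FB -passphrase GFGT-34YZ-BL2F-6ZY6-L8KJ-VGYJ

exit 0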
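
Added example, not part of the post above or of Jamf's or Apple's tooling: a helper that pairs each crypto user UUID with its type, so the value given to -user can be looked up per machine rather than copied by hand. The input layout, the sample text and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reads text in the layout assumed
# for `diskutil apfs listCryptoUsers <volume>` and prints "UUID<TAB>Type".

# Constructed sample input. The first UUID is the one from the post above;
# the second is an obvious placeholder, not a real value.
sample_output() {
cat <<'EOF'
Cryptographic users for disk2s1 (2 found)
|
+-- 1278ECD9-91BA-4782-9B05-9715E26F77FB
|   Type: Local Open Directory User
|
+-- 00000000-0000-0000-0000-000000000000
    Type: Personal Recovery User
EOF
}

# Print one "UUID<TAB>Type" line per crypto user found on stdin.
list_crypto_users() {
    awk '
        /^[+]-- / { uuid = $2; next }          # tree node line carries the UUID
        /Type:/ && uuid != "" {                # the line after it carries the type
            sub(/^.*Type:[ \t]*/, "")
            printf "%s\t%s\n", uuid, $0
            uuid = ""
        }
    '
}

# Print the UUID whose type equals $1 exactly; prints nothing if there is none.
uuid_for_type() {
    list_crypto_users | awk -F '\t' -v want="$1" '$2 == want { print $1 }'
}

# Stand-alone run on the constructed sample. On a Mac, pipe the real command
# output into list_crypto_users instead of sample_output.
sample_output | list_crypto_users
```

An empty result from uuid_for_type means the volume has no crypto user of that type, which is worth checking before a decrypt command is pushed through a policy.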

inflicted
New Contributor II

The FileVault keys are not in JAMF, even though there is a FileVault user there. In order for the keys to get escrowed into Jamf, the FileVault user that was logged in when the FileVault policy ran needs to be signed in to enable it. Somehow the password for the admin account is not correct, even though I know what the password should be.