Deploy secondary admin account with FileVault

Jasonffs
New Contributor

Hi, 

Does anyone know if it's possible to deploy a secondary admin account that has FileVault enabled through a script? It looks like it was retired in Jamf with macOS 10.3. The only way I see right now is to enable the account from the primary admin account that has FileVault enabled.

Any suggestions on a workaround are appreciated.

Thanks in Advance!

6 REPLIES

efil4xiN
Contributor II

As long as you have credentials for the accounts, it should be possible. I would start with Rich's write-up

Thanks! I'll take a look

TechSpecialist
Contributor

If you know the login/password for the first admin account with FileVault Token, then you should be able to remotely send a dscl command with that to create another one.

If you are on Monterey, then you can create another admin account remotely, but only AFTER logging in on the Mac itself (so not via SSH or remote commands), then it should get the FileVault Token automatically.

I'm trying to do zero touch deployment so the end user would be the first admin account to be FileVault enabled and I wouldn't have their password. Trying to see if I can have a secondary admin account enabled via self-service that prompts them for their password to add the secondary account.

I think this might help:

https://github.com/jamf/FileVault2_Scripts/blob/master/addCurrentUser.sh

However, if the first user already is admin, then he/she could just easily manually create a new (admin) account via Users & Groups. That account then will automatically have the FileVault Token.
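
Added example, not part of any reply above and not Jamf's own script: a sketch of the Self Service approach discussed in this thread, where the logged-in FileVault-enabled user is prompted for their password and both credentials reach `fdesetup add -inputplist` on stdin instead of on a command line. The function names, dialog wording and `--apply` convention are assumptions, as are an already-created secondary admin account and a script running as root in the logged-in user's session.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread or Jamf's repo.

# Escape XML metacharacters so a password such as 'p&s<1>' cannot break the plist.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the input plist for `fdesetup add -inputplist`.
# Args: enabled_user enabled_pass new_user new_pass
build_fv_plist() {
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Username</key><string>$(xml_escape "$1")</string>
  <key>Password</key><string>$(xml_escape "$2")</string>
  <key>AdditionalUsers</key>
  <array><dict>
    <key>Username</key><string>$(xml_escape "$3")</string>
    <key>Password</key><string>$(xml_escape "$4")</string>
  </dict></array>
</dict>
</plist>
EOF
}

# Ask the console user for their password in a hidden-input dialog.
prompt_password() {
  osascript -e "display dialog \"Enter the password for $1 to enable the support account for FileVault:\" default answer \"\" with title \"FileVault\" buttons {\"Cancel\", \"OK\"} default button \"OK\" with hidden answer" -e 'text returned of result'
}

# Args: new_user new_pass. Succeeds only if new_user is listed by fdesetup afterwards.
add_secondary_admin() {
  fv_user=$(stat -f%Su /dev/console)
  fdesetup list | grep -q "^${fv_user}," || { echo "$fv_user is not FileVault-enabled" >&2; return 1; }
  fv_pass=$(prompt_password "$fv_user") || return 1   # user cancelled the dialog
  build_fv_plist "$fv_user" "$fv_pass" "$1" "$2" | fdesetup add -inputplist || return 1
  unset fv_pass
  fdesetup list | grep -q "^$1,"
}

# Usage: script --apply <new_user>, with the new account's password on stdin.
if [ "${1:-}" = "--apply" ]; then
  IFS= read -r new_pass
  add_secondary_admin "$2" "$new_pass"
fi
```

Because `printf` is a shell builtin and the plist is piped, neither password appears in the process list.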
