Accessing FileVault 2 encrypted machine without key? Can Apple help?

jeffnye
New Contributor

We have a MacBook that a departed user encrypted with FV2 that we do not have access to (don't know the user's password, user removed admin accounts). We also have not (yet) archived FV2 keys in JAMF or with another solution.

Is there any way that Apple can assist with getting into the machine, if we can prove the chain of ownership?

Thanks in advance for any help.

4 REPLIES

rtrouton
Release Candidate Programs Tester

Short answer: Nope (probably).

Longer answer: Without the password to a FileVault 2-enabled account, or a recovery key, you will not be able to unlock the encrypted disk. If the person in question had chosen the option to store a recovery key in iCloud using an Apple ID, it's possible that Apple may be able to reset the password to the Apple ID account in question and thus grant access to the recovery key stored in iCloud via the Reset Password wizard:

https://derflounder.wordpress.com/2015/01/17/yosemites-filevault-2-pre-boot-recovery-options/

A few years ago, I was asked about a similar situation and I asked three questions in return:

Question: Do you have the account password?

Answer: No

Question: Do you have the recovery key?

Answer: No

Question: Do you have lawyers?

Answer: Yes

Unfortunately, if you're out of technical solutions, the next step may be the legal solutions. If the departed user can still be located, it may be easier (from a purely technical perspective) to ask the user for the password for their account.

flyboy
Contributor

Unfortunately not; that would defeat the purpose of having an encrypted disk. Unless you have an institutional key, or can get the user to cooperate, you're out of luck.

rtrouton
Release Candidate Programs Tester

@jeffnye,

Do you just want to re-use the laptop? Or do you need access to the data stored on the encrypted disk?

If you don't need access to the data stored on the encrypted disk, it is possible to wipe the encrypted drive without needing the password to a FileVault 2-enabled account, or a recovery key. I have a post on how to wipe FileVault 2-encrypted drives, available via the link below:

https://derflounder.wordpress.com/2013/06/29/erasing-a-filevault-2-encrypted-volume/

jeffnye
New Contributor

Thanks for all the help, everyone; we were attempting to recover the data on the drive, but it sounds like we're out of luck. That was what we were expecting but it was worth a try.