Solved

Active Directory offline reset password + FV2

  • April 22, 2015
  • 7 replies
  • 24 views


Hi all,

I thought I would have found the answer by myself… but no! I need your insights.

Let's say I have an AD + FV2 setup. The computer is shut down and the user has forgotten his password. He logs in to an internal webpage and resets his password. Now he starts the computer.

I guess the only way to get past pre-boot FV2 is by using a recovery key or admin password?

Best answer by shyam_sm

Hi,

During startup, it will normally accept the old AD password, and once your HDD is decrypted, it will again prompt you to enter your username and password. You can log in with your AD ID and new password. Once you have logged in, you can turn FileVault off and on again, so that it syncs with your new password.


  • Hall of Fame
  • April 22, 2015

Correct. The FileVault 2 pre-boot login is going to be using the old password for that account and won't be able to pick up the new password until the OS is running (which happens after logging in at the FileVault 2 pre-boot login screen) and able to talk to the Active Directory domain.

If you have another account that can log in at the FileVault 2 pre-boot login, that's likely the easiest approach. Otherwise, using the Mac's alphanumeric personal recovery key (if available) will also work to get you past the pre-boot login.


  • Hall of Fame
  • April 22, 2015

I have a post that includes how the password update procedure is supposed to work in a situation where the old password is known: https://derflounder.wordpress.com/2014/12/18/ten-things-you-might-not-know-about-filevault-2/ (see the Password Changes And FileVault 2 section.)


  • Honored Contributor
  • April 22, 2015

edit: overlap with other posts.


  • Author
  • Contributor
  • April 24, 2015

Thanks, it is much clearer for me!

Is Cauliflower Vest still used in the MacAdmin community? Would you use this to collect personal recovery keys, or are there better alternatives? Does Casper Suite have this functionality?


  • Hall of Fame
  • April 24, 2015

Casper can handle FileVault 2 management, including collecting and storing personal recovery keys. For more information, I recommend checking out the following links:

http://www.jamfsoftware.com/resources/filevault-2-and-the-casper-suite/

http://www.jamfsoftware.com/resources/administering-filevault-2-with-the-casper-suite/


  • Author
  • Contributor
  • April 24, 2015

Excellent, many thanks, Rich!