Adding hidden filevault enabled user workflow

rluk
New Contributor

I am trying to create a hidden admin user that is filevault enabled and don't know what the most efficient way to do this is. From my research I have two options:

  1. Create user through Jamf payload policy, which has the ability to add filevault user, but not hide the account. Then manually script to make the account hidden.

  2. Create user through jamf createAccount or createUserpkg. This has the ability to hide user, but not enable for filevault. The only authentication method I have when I run fdesetup to add hidden user is through the management account, but the password is random so I do not know if this is an option.

I have read rtrouton's article on how to hide a filevault 2 enabled admin, but if there is someone that has experience creating this in one shot or with a script, that would be extremely helpful. Thanks!!

2 REPLIES

rtrouton
Release Candidate Programs Tester

@rluk, what are the circumstances where you are trying to hide the FileVault-enabled user?

If you're trying to hide it at the FileVault 2 pre-boot login, unfortunately there is no way to prevent a FileVault 2-enabled account from appearing there.

rluk
New Contributor

@rtrouton Yup, I don't mind it showing on filevault boot screen, just hidden from the OS.