Posted on 08-15-2012 08:40 AM
Is this possible using Casper encryption configurations, or do I have to script it using fdesetup?
Cheers
Matt
Posted on 08-15-2012 09:05 AM
You'll need to pick one option or the other and that will also be true when scripting with fdesetup. The "next user" option uses fdesetup enable -defer.
An important thing to know about the -defer option is that it enables one single user account at the time of turning on FileVault 2 encryption. The -defer option does not enable multiple user accounts and cannot be used to enable accounts once FileVault 2 encryption has been turned on.
Posted on 08-15-2012 10:20 AM
Ahh thanks Rich,
So I'd have to use the -defer flag or Casper's next user configuration first and then wait until encryption is complete, then add the admin account?
sudo fdesetup add -inputplist < /path/to/filename.plist
Am I right in thinking that only the previously enabled user's password/recovery key will do for authorising the above command via the plist? Can an Institutional recovery key be used somehow?
Thanks
Matt
Posted on 08-15-2012 10:35 AM
Matt,
You're correct, you will need the previously enabled user's password.
If it's available as a recovery key option, you may also be able to use the alphanumeric recovery key in the plist as that's listed as an option in the fdesetup man page. However, I have not been able to get that to work in my own testing.
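The plist that `fdesetup add -inputplist` reads, shown as an added example that is not part of the original posts: a shell function builds it on stdout so it can be piped to fdesetup and the enabled user's password is never written to a file. The key names follow the fdesetup man page; the function names and the account names in the usage lines are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: builds the input plist for
# `fdesetup add -inputplist` on stdout so it can be piped straight in.
# Key names (Username, Password, AdditionalUsers) follow the fdesetup man page.
# Function names and the account names in the usage lines are hypothetical.

# Escape XML metacharacters so a password like 'p&ss<1>' cannot break the plist.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# build_fde_add_plist ENABLED_USER ENABLED_PASS NEW_USER NEW_PASS
#   ENABLED_USER: account that is already FileVault 2 enabled (e.g. via -defer)
#   NEW_USER:     account to add, such as the local admin
build_fde_add_plist() {
    if [ "$#" -ne 4 ]; then
        echo "usage: build_fde_add_plist enabled_user enabled_pass new_user new_pass" >&2
        return 2
    fi
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>$(xml_escape "$1")</string>
    <key>Password</key>
    <string>$(xml_escape "$2")</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key>
            <string>$(xml_escape "$3")</string>
            <key>Password</key>
            <string>$(xml_escape "$4")</string>
        </dict>
    </array>
</dict>
</plist>
EOF
}

# On the Mac, once FileVault 2 has been turned on (not executed here):
#   stty -echo; read -r ENABLED_PASS; read -r ADMIN_PASS; stty echo
#   build_fde_add_plist matt "$ENABLED_PASS" localadmin "$ADMIN_PASS" \
#       | sudo fdesetup add -inputplist
```

Reading the passwords with terminal echo off keeps them out of shell history and out of the process list, which a command-line argument to a script would not.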
Posted on 08-15-2012 03:53 PM
Many thanks,
I'll give it a go and submit a ticket to Apple when it doesn't work.
Might look into prompting the user for their password, but that seems like it might be asking for trouble/confusion!
Cheers
Matt
Posted on 08-15-2012 04:11 PM
I bet : )
That Jamf has asked for this already. I would ask your Jamf rep for the feature/bug ID number and then ask your Apple rep to push it.