Posted on 12-15-2012 07:25 AM
I didn't see a script posted for this anywhere, so I hope this helps you as much as it has helped us. You need to define 4 parameters (variables): #4 - Any admin user on the system, #5 - The password for that admin user, #6 - The user that you want to add unlocking privileges, #7 - The password for the newly added user.
For those of you new to scripting in the JSS, variables #1 - #3 are reserved for the JSS. You have to start at variable number 4.
Use this script at your own risk. It's been ruggedly tested on 10.8, 10.8.1 and 10.8.2. It will not work on Lion since Lion lacks the fdesetup command. If you use it, leave a comment here; if you've got a better way to do any of the steps in the script, please add them and let us know.
#!/bin/sh
# Hardcoded values for the action and file are set here.
adminAccount="admin"
adminAccountPassword="apple"
accountToAdd="admin"
accountToAddPassword="apple"
fileNameWithPath="/tmp/fv"
# Check to see if an admin Account name was passed in parameter 4 and if so assign it to the adminAccount variable
if [ "$4" != "" ]; then
    adminAccount=$4
fi
# Check to see if a password was passed in parameter 5 and if so assign it to the adminAccountPassword variable
if [ "$5" != "" ]; then
    adminAccountPassword=$5
fi
# Check to see if an account to add was passed in parameter 6 and if so assign it to the accountToAdd variable
if [ "$6" != "" ]; then
    accountToAdd=$6
fi
# Check to see if a password was passed in parameter 7 and if so assign it to the accountToAddPassword variable
if [ "$7" != "" ]; then
    accountToAddPassword=$7
fi
# The plist holds plaintext passwords, so create it readable by its owner only
umask 077
# create the plist file
echo "Creating the plist file $fileNameWithPath."
fileNameWithPath="${fileNameWithPath}.plist"
# Values are double-quoted so that spaces and punctuation survive; a value containing " or \ will still fail to parse
defaults write "$fileNameWithPath" "{ \"Username\" = \"$adminAccount\"; \"Password\" = \"$adminAccountPassword\"; \"AdditionalUsers\" = ( { \"Username\" = \"$accountToAdd\"; \"Password\" = \"$accountToAddPassword\"; } ); }"
# add the user to FileVault
echo "Adding $accountToAdd to FileVault 2 Decryption Users."
fdesetup add -inputplist < "$fileNameWithPath"
# remove the plist file
echo 'Cleaning up plist file.'
rm -f "$fileNameWithPath"
Posted on 12-15-2012 09:28 AM
Nick,
I'd recommend making one change to the script, which is to change it from using an admin user to using an account/password that's enabled for FileVault 2 on that particular Mac.
FileVault 2 uses key-based authentication under the hood, so if the admin user in question hasn't been enabled for FV 2, it won't have a key and won't be able to enable other accounts.
Thanks,
Rich
Posted on 02-13-2013 09:20 PM
I was giving this a go and I get an error "Could not parse Try single-quoting it." If I change the quotes to all double quotes I get the variables in the plist. If I replace them with my values the whole thing works. Any idea how to fix that one line?
Posted on 02-13-2013 09:36 PM
defaults write $fileNameWithPath "{ "Username" = '$adminAccount'; "Password" = '$adminAccountPassword'; "AdditionalUsers" = ( { "Username" = '$accountToAdd'; "Password" = '$accountToAddPassword'; } ); }";
Looks like I needed a double quote at the open and close.
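The input plist that the script in this thread feeds to fdesetup add -inputplist, generated here as XML with escaped values and written to a private temporary file, so that passwords containing spaces or punctuation do not depend on shell quoting. This is an added example, not part of any post in the thread; the function names xml_escape and build_fv_plist are hypothetical and the sample credentials are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Escape XML-special characters; '&' goes first so entities are not re-escaped.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Write the fdesetup input plist to a private temp file and print its path.
# Args: unlock user, unlock password, user to add, password of user to add.
# The ( ) body runs in a subshell, so the umask does not leak to the caller.
build_fv_plist() (
    umask 077
    plist=$(mktemp "${TMPDIR:-/tmp}/fv.XXXXXX") || return 1
    cat > "$plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key><string>$(xml_escape "$1")</string>
    <key>Password</key><string>$(xml_escape "$2")</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key><string>$(xml_escape "$3")</string>
            <key>Password</key><string>$(xml_escape "$4")</string>
        </dict>
    </array>
</dict>
</plist>
EOF
    printf '%s\n' "$plist"
)

# Constructed sample values (not real credentials) with characters that
# break a hand-quoted plist string.
demo=$(build_fv_plist 'admin' 'p&ss <w>rd' 'jdoe' 'it"s $ecret') || exit 1
grep -c '<string>' "$demo"
rm -f "$demo"

# On the Mac, from a JSS policy script, the file would be used like this:
#   plist=$(build_fv_plist "$4" "$5" "$6" "$7") || exit 1
#   trap 'rm -f "$plist"' EXIT
#   fdesetup add -inputplist < "$plist"
```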
Posted on 02-14-2013 06:23 AM
Jason, I get the same error.
Did you get around that?