Adding users to FileVault 2 (10.8) via a script

  • December 15, 2012
  • 5 replies
  • 0 views

I didn't see a script posted for this anywhere, so I hope this helps you as much as it has helped us. You need to define 4 parameters (variables): #4 - Any admin user on the system, #5 - The password for that admin user, #6 - The user that you want to add unlocking privileges, #7 - The password for the newly added user.

For those of you new to scripting in the JSS, variables #1 - #3 are reserved for the JSS. You have to start at variable number 4.

Use this script at your own risk. It's been ruggedly tested on 10.8, 10.8.1 and 10.8.2. It will not work on Lion since Lion lacks the fdesetup command. If you use it, leave a comment here; if you've got a better way to do any of the steps in the script, please add them and let us know.

#!/bin/sh

# Hardcoded values for the action and file are set here.
adminAccount="admin"
adminAccountPassword="apple"
accountToAdd="admin"
accountToAddPassword="apple"
fileNameWithPath="/tmp/fv"

# Check to see if an admin Account name was passed in parameter 4 and if so assign it to the adminAccount variable
if [ "$4" != "" ];then
    adminAccount=$4
fi

# Check to see if a password was passed in parameter 5 and if so assign it to the adminAccountPassword variable
if [ "$5" != "" ];then
    adminAccountPassword=$5
fi

# Check to see if an account to add was passed in parameter 6 and if so assign it to the accountToAdd variable
if [ "$6" != "" ];then
    accountToAdd=$6
fi

# Check to see if a password was passed in parameter 7 and if so assign it to the accountToAddPassword variable
if [ "$7" != "" ];then
    accountToAddPassword=$7
fi

# Create the plist file (the name is built first so the message shows the real path)
fileNameWithPath="${fileNameWithPath}.plist"
echo "Creating the plist file ${fileNameWithPath}."
defaults write $fileNameWithPath '{ "Username" = '$adminAccount'; "Password" = '$adminAccountPassword'; "AdditionalUsers" = ( { "Username" = '$accountToAdd'; "Password" = '$accountToAddPassword'; } ); }'; 

# The plist holds both passwords in clear text; restrict it to its owner
chmod 600 "$fileNameWithPath"

# Add the user to FileVault
echo "Adding ${accountToAdd} to FileVault 2 Decryption Users."
fdesetup add -inputplist < "$fileNameWithPath"

# Remove the plist file
echo 'Cleaning up plist file.'
rm -f "$fileNameWithPath"

5 replies

  • Employee
  • 920 replies
  • December 15, 2012

Nick,

I'd recommend making one change to the script, which is to change it from using an admin user to using an account/password that's enabled for FileVault 2 on that particular Mac.

FileVault 2 uses key-based authentication under the hood, so if the admin user in question hasn't been enabled for FV 2, it won't have a key and won't be able to enable other accounts.

Thanks,
Rich


jhbush
  • Esteemed Contributor
  • 539 replies
  • February 14, 2013

I was giving this a go and I get an error "Could not parse Try single-quoting it." If I change the quotes to all double quotes I get the variables in the plist. If I replace them with my values the whole thing works. Any idea how to fix that one line?


jhbush
  • Esteemed Contributor
  • 539 replies
  • February 14, 2013

defaults write $fileNameWithPath "{ "Username" = '$adminAccount'; "Password" = '$adminAccountPassword'; "AdditionalUsers" = ( { "Username" = '$accountToAdd'; "Password" = '$accountToAddPassword'; } ); }";

Looks like I needed a double quote at the open and close.


Jason, I get the same error.
Did you get around that?
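
One way to sidestep the hand-quoted inline plist this thread struggles with, and to keep both passwords out of a file in /tmp: emit the XML property-list form of the same keys and pipe it to `fdesetup add -inputplist` on stdin. This is an added example, not code from any poster in the thread; the function names are hypothetical and it assumes the same four values as JSS parameters 4-7.

```shell
# Added example (not from the thread): build the fdesetup input plist as XML
# and stream it on stdin, so there is no inline plist quoting and no temp file.

# Escape the characters that are special in XML text (& must be replaced first).
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# build_fv_plist UNLOCK_USER UNLOCK_PASS NEW_USER NEW_PASS -> XML plist on stdout
build_fv_plist() {
    [ "$#" -eq 4 ] || { echo "usage: build_fv_plist user pass newuser newpass" >&2; return 2; }
    for v in "$@"; do
        [ -n "$v" ] || { echo "empty value refused" >&2; return 2; }
    done
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key><string>$(xml_escape "$1")</string>
    <key>Password</key><string>$(xml_escape "$2")</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key><string>$(xml_escape "$3")</string>
            <key>Password</key><string>$(xml_escape "$4")</string>
        </dict>
    </array>
</dict>
</plist>
EOF
}

# add_fv_user takes the same four values the original script reads from $4-$7.
add_fv_user() {
    plist=$(build_fv_plist "$@") || return
    printf '%s\n' "$plist" | fdesetup add -inputplist
}

# Run only where fdesetup exists (10.8 and later) and all four parameters were supplied.
if command -v fdesetup >/dev/null 2>&1 && [ -n "$7" ]; then
    add_fv_user "$4" "$5" "$6" "$7"
fi
```

Because every value is passed as a quoted shell argument and XML-escaped, account names or passwords containing spaces, quotes, semicolons or `&` reach `fdesetup` intact.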



