Posted on 11-24-2014 09:59 AM
Hi all,
quick question. I've joined a new firm and they're looking to roll out Casper. Part of the roll out will be encrypting all Macs using the Casper FV2. We already have some Macs encrypted and were wondering how these would integrate in to Casper? I've used FV2 before with Casper and know there is the institutional recovery key and that JSS holds all keys. How would the recovery keys of those Macs encrypted before Casper roll out be managed post-roll out etc? Anything we should look out for/make sure we do?
thanks,
Posted on 11-24-2014 10:11 AM
Since the JSS won't be able to use or upload those machine's recovery keys, the "easiest" thing to do is just decrypt those drives then re-encrypt with the casper policy.
Another option is to make whatever account you end up using as your Casper management account on the machine an enabled FV2 user, then use a policy to re-issue a recovery key and that one should get uploaded to the JSS.
Posted on 11-24-2014 10:16 AM
Thanks you
Posted on 11-24-2014 12:50 PM
We had this problem a few years ago.
Figure out a dns and stick with it. If you're just internal and you've got a lot of folk traveling with laptops you may want to consider putting in a limited access JSS and having all clients hit that.
Also, if you're just getting your users to start the enrollment process, make sure self service has something they want, and then consider adopting the value added mentality. You want VPN? You need casper.