com.apple.MCX.FileVault2 Custom macOS Configuration Profile Payload

milesleacy
Valued Contributor

Has anyone successfully created a custom configuration profile payload for com.apple.MCX.FileVault2?

I want to do this to avoid conflicts with the other MDM payloads that are set by Jamf's Security & Privacy GUI payload.

I would want to set the equivalent settings to the screenshot below, with the addition of the Institutional key certificate.

I'm throwing this out to the community to see if anyone has already worked this out before I invest too much research and work.


daz_wallace
Contributor III

Hey @milesleacy Yup, I've got a blog incoming on it, but the profile can be found here.

Note: This needs to be signed before uploading to the JSS, and don't de-sign / unlock once uploaded or it'll get tainted with the other settings.

Good luck : )

Darren

EDIT: Just re-checked your screenshot. I'm afraid my profile won't do the institutional Key, but will do the individual. If nothing else, it should serve as a starting point

milesleacy
Valued Contributor

Awesome, thanks @daz_wallace !

I'm curious though, do we have reason to believe that a custom payload inside Jamf Pro, using the com.apple.MCX.FileVault2 domain and providing the relevant keys & values, would not work?

I haven't tried it, but I will once I carve out a bit of lab time.

daz_wallace
Contributor III

Hey @milesleacy An unsigned profile would work but allows the JSS to make changes (including locking out the other areas of the Security and Privacy preference pane) which is undesired I'm afraid.

Same issue if you try to use some custom profiles that already have GUI options in the JSS.

Good luck!

Darren
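A sketch of the approach discussed above, as an added example that is not part of the thread and is not Darren's profile: it builds an unsigned profile whose only payload is the `com.apple.MCX.FileVault2` domain, then runs a pre-upload check that flags an unsigned file or one carrying other payload types. The key names are Apple's documented FileVault payload keys; the values, the `com.example` identifiers and the function names are assumptions, and the institutional key certificate is not covered.

```python
import plistlib
import uuid

FV2_DOMAIN = "com.apple.MCX.FileVault2"

def build_profile(org_id="com.example"):  # org_id is a constructed placeholder
    """Build an unsigned profile whose only payload is the FileVault 2 domain."""
    def new_uuid():
        return str(uuid.uuid4()).upper()
    payload = {
        "PayloadType": FV2_DOMAIN,
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".filevault2",
        "PayloadUUID": new_uuid(),
        # Values below are assumptions; set them to match your own policy.
        "Enable": "On",
        "Defer": True,
        "UseRecoveryKey": True,    # individual (personal) recovery key
        "ShowRecoveryKey": False,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadIdentifier": org_id + ".profile.filevault2",
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": "FileVault 2 (custom payload)",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)

def is_signed(data):
    """Heuristic: a signed profile is DER-encoded CMS, so it starts with 0x30."""
    return data[:1] == b"\x30"

def preupload_problems(data):
    """Return reasons a profile file should not be uploaded as-is."""
    if is_signed(data):
        return []  # payload list is inside the CMS envelope; not parsed here
    problems = ["profile is unsigned"]
    content = plistlib.loads(data).get("PayloadContent", [])
    extra = sorted({str(p.get("PayloadType")) for p in content} - {FV2_DOMAIN})
    if extra:
        problems.append("unexpected payload types: " + ", ".join(extra))
    return problems

if __name__ == "__main__":
    print(preupload_problems(build_profile()))
```

On macOS the generated file can then be signed with `security cms -S -N "<certificate name>" -i unsigned.mobileconfig -o signed.mobileconfig` before upload.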

gachowski
Valued Contributor II

Just an FYI: I think there is a new profile for FileVault with High Sierra. I think it might just be to direct the keys, but you should investigate.

C