DEP and filevault script


KyleEricson

Two issues I have.
1. The newly created user is not added to FileVault 2. Can I do a fdesetup -add -usertoadd to fix this?
2. My verification to see if the user is enabled for FileVault 2 doesn't seem to do anything.

Ideas?

#!/bin/bash

if [ "$IS_LAPTOP" != "" ]; then
    #username=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the domain username or select Cancel." default answer "johdoe"' -e 'text returned of result' 2>/dev/null)
username=$(/usr/sbin/scutil --get ComputerName | cut -d- -f1)
#Create AD mobile account
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n "$username" -D

#Make Admin
/usr/sbin/dseditgroup -o edit -a "$username" -t user admin

#Disable parental controls
sudo dscl . -mcxdelete "/Users/$username"
# Quote the path (it contains a space); ${username:?} aborts if the name is empty
sudo rm -rf "/Library/Managed Preferences/${username:?}"


user_password=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the domain user password or select Cancel." default answer "Acemfg1"' -e 'text returned of result' 2>/dev/null)


# -secureTokenOn takes the target account name as its argument
sysadminctl -adminUser "Administrator" -adminPassword "adminpassword" -secureTokenOn "$username" -password "$user_password"

#  "Message"
function error() {
  osascript <<EOT
    tell app "System Events"
      display dialog "$1" buttons {"OK"} default button 1 with icon caution with title "Important Info"
      return  -- Suppress result
    end tell
EOT
}

error "$username account has been created. Update user and location info in JAMF console @ https://acemfg.jamfcloud.com"

# Did we succeed?
if fdesetup list | grep -q "${username}"
then
  echo "Success!"
  # $fullname is never set in this script; report $username instead
  error "Success FileVault is enabled for $username"
  #/usr/local/bin/jamf policy -event azurereg
  exit 0
else
  echo "Failed :("
  # $fullname is never set in this script; report $username instead
  error "Failed FileVault is not enabled for $username open System Preferences->Security & Privacy->FileVault to fix"
  exit 1
fi
else    
username=$(/usr/sbin/scutil --get ComputerName | cut -d- -f1)
#Create AD mobile account
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n "$username" -D

#Make Admin
/usr/sbin/dseditgroup -o edit -a "$username" -t user admin

#Disable parental controls
sudo dscl . -mcxdelete "/Users/$username"
# Quote the path (it contains a space); ${username:?} aborts if the name is empty
sudo rm -rf "/Library/Managed Preferences/${username:?}"


user_password=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the domain user password or select Cancel." default answer "Acemfg1"' -e 'text returned of result' 2>/dev/null)
#/usr/local/bin/jamf policy -event azurereg

#  "Message"
function error() {
  osascript <<EOT
    tell app "System Events"
      display dialog "$1" buttons {"OK"} default button 1 with icon caution with title "Important Info"
      return  -- Suppress result
    end tell
EOT
}

error "$username account has been created. Update user and location info in JAMF console @ https://acemfg.jamfcloud.com"
exit 0

fi
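
An added example, not part of the original post and not the poster's or Jamf's code: an exact-match check on `fdesetup list` output (one `shortname,UUID` line per FileVault-enabled user), since a plain `grep` on the short name also matches longer names that contain it. The `fde_list` wrapper, the `FDE_LIST_OUTPUT` variable and the sample accounts are assumptions made so the check can run offline.

```shell
#!/bin/bash
# Added example: exact-match verification against `fdesetup list`.

# Constructed sample output (not captured from a real Mac).
SAMPLE_FDE_LIST='Administrator,11111111-2222-3333-4444-555555555555
jdoe2,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'

# fde_list: hypothetical wrapper. If FDE_LIST_OUTPUT is set, emit it
# (offline testing); otherwise run the real tool, which needs root.
fde_list() {
  if [ -n "${FDE_LIST_OUTPUT+x}" ]; then
    printf '%s\n' "$FDE_LIST_OUTPUT"
  else
    /usr/bin/fdesetup list
  fi
}

# fv_user_enabled USER
#   0 = USER is exactly the short name on some line
#   1 = USER is not listed (or fdesetup produced no output)
#   2 = USER was empty, so nothing was checked
fv_user_enabled() {
  local user="$1"
  [ -n "$user" ] || return 2
  # Compare the first comma-separated field as a string; appending ""
  # stops awk from treating numeric-looking names as numbers.
  fde_list | awk -F, -v u="$user" \
    '($1 "") == (u "") { found = 1 } END { exit !found }'
}
```

In the sample, `jdoe2` is enabled and `jdoe` is not, yet `grep -q jdoe` succeeds on the same output.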
