Deploy secondary admin account with FileVault
Posted on 05-04-2022 05:05 PM
Hi,
Does anyone know if it's possible to deploy a secondary admin account that has FileVault enabled through a script? It looks like it was retired in Jamf with macOS 10.3. The only way I see right now is to enable the account from the primary admin account that has FileVault enabled.
Any suggestions on a workaround are appreciated.
Thanks in advance!

Posted on 05-05-2022 04:15 AM
As long as you have credentials for the accounts, it should be possible. I would start with Rich's write-up.
Posted on 05-05-2022 09:49 AM
Thanks! I'll take a look

Posted on 05-10-2022 10:39 PM
If you know the login/password for the first admin account with a FileVault Token, then you should be able to remotely send a dscl command with that to create another one.
If you are on Monterey, then you can create another admin account remotely, but only AFTER logging in on the Mac itself (so not via SSH or remote commands); then it should get the FileVault Token automatically.
Posted on 05-11-2022 05:29 PM
I'm trying to do zero touch deployment, so the end user would be the first admin account to be FileVault enabled and I wouldn't have their password. Trying to see if I can have a secondary admin account enabled via Self Service that prompts them for their password to add the secondary account.

Posted on 05-11-2022 11:09 PM
I think this might help:
https://github.com/jamf/FileVault2_Scripts/blob/master/addCurrentUser.sh
However, if the first user already is admin, then he/she could just easily manually create a new (admin) account via Users & Groups. That account then will automatically have the FileVault Token.
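
Added example (not part of any post in this thread, and not the Jamf script linked above): a sketch of the Self Service flow asked about, where the logged-in FileVault user is prompted for their own password and the secondary admin is added with `fdesetup add -inputplist`. It assumes the secondary admin account already exists and that its name and password arrive in the hypothetical `ADMIN_USER` and `ADMIN_PASS` environment variables.

```shell
#!/bin/bash
# Added example; ADMIN_USER / ADMIN_PASS are assumed inputs, not Jamf-defined names.
# Assumes the script runs as root while the FileVault-enabled user is logged in.

# Escape XML special characters so a password such as 'p&ss<1' cannot break the plist.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Build the fdesetup input plist: unlocking user, its password, user to add, its password.
build_plist() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>Username</key><string>$(xml_escape "$1")</string>
<key>Password</key><string>$(xml_escape "$2")</string>
<key>AdditionalUsers</key><array><dict>
<key>Username</key><string>$(xml_escape "$3")</string>
<key>Password</key><string>$(xml_escape "$4")</string>
</dict></array>
</dict></plist>
EOF
}

enable_second_admin() {  # args: secondary admin short name, its password
    local console_user user_pass
    console_user=$(stat -f%Su /dev/console)
    # Prompt inside the user's GUI session; the typed text is hidden.
    user_pass=$(launchctl asuser "$(id -u "$console_user")" /usr/bin/osascript \
        -e 'display dialog "Enter your Mac password to enable the support account:" default answer "" with hidden answer buttons {"OK"} default button 1' \
        -e 'text returned of result') || return 1
    # Pipe the plist on stdin so neither password lands in argv or in a file on disk.
    build_plist "$console_user" "$user_pass" "$1" "$2" | fdesetup add -inputplist || return 1
    # fdesetup list prints "shortname,UUID" per enabled user; confirm the new one is there.
    fdesetup list | grep -q "^$1,"
}

# Only act on a Mac, and only when the assumed inputs are provided.
if [ "$(uname)" = "Darwin" ] && [ -n "${ADMIN_USER:-}" ]; then
    enable_second_admin "$ADMIN_USER" "${ADMIN_PASS:-}"
fi
```

The function returns non-zero if the user cancels the dialog, if `fdesetup` rejects the credentials, or if the account is missing from `fdesetup list` afterwards, so a policy can report the failure.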

05-11-2022 10:53 PM - edited 05-11-2022 11:09 PM
<remove me>
