Disable FileVault login prompt in El Capitan & Sierra

cwaldrip
Valued Contributor

I'm trying to disable FileVault 2 login prompt as part of my upgrade to Sierra. I'm running...

defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES

...before the upgrade (on a 10.11 box). But still get a prompt on restart keeping the upgrade from running.

I've tested this manually on both a 10.11 and 10.12 and the machine always prompts on restart. :-

3 REPLIES 3

donmontalvo
Esteemed Contributor III

@cwaldrip

I'm trying to disable FileVault 2 login prompt as part of my upgrade to Sierra. I'm running...
defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
...before the upgrade (on a 10.11 box). But still get a prompt on restart keeping the upgrade from running. I've tested this manually on both a 10.11 and 10.12 and the machine always prompts on restart. :-

We experimented with sudo fdesetup authrestart on Sierra ugprade, but user keeps getting prompted.

Even on computers that support it, verified by fdesetup supportauthrestart.

So for now users know when upgrading to Sierra they'll be prompted for their FileVault 2 password.

--
https://donmontalvo.com

psliequ
Contributor III

The defaults command you tried in the first post is meant to affect whether a login at the Filevault 'pre-boot' screen passes the user to their desktop without an additional login at the standard macOS loginwindow.

@donmontalvo have you tried doing an authenticated restart using the Jamf Pro built in functionality? If so and it didn't work, was the management account a filevault user or did the Jamf Pro instance have a recovery key in its database?

cwaldrip
Valued Contributor

I have "Perform authenticated restart on computers with FileVault 2 enabled" checked and we're using an institutional key. The user account logged in and executing the policy from Self Service is FileVault authorized. On restart we get a FileVault login prompt before the Sierra installer will run.