Having concluded that FileVault isn't going to be a good idea in our domain-joined, student lab environment, I have made a configuration profile to disable it. This configuration profile is applied during the pre-stage enrollment – i.e. as early as it possibly can be. I have verified that it is indeed applying within seconds of the computer getting past the voiceover setup prompts. And yet, the first user who logs in, gets a big prompt for enabling FileVault, *with enabling it checked by default*, i.e. enabling it!
If I manually uncheck the box and click Continue, and then go look in System Settings, FileVault says that it is disabled by policy and does not allow the user to change it! So the configuration profile is clearly applying, but it seems not to prevent the first user being prompted anyway.
Any idea how I can stop the first user getting this prompt?
(The funny thing is, before I created the configuration profile to disable FileVault, the first user was NOT prompted in this way. I was only creating the configuration profile to prevent...incidents. Now it appears to be a problem whether I do a configuration profile or not.)
Thanks,
Lisa.