Help

Disabling FireVault

rowanquigley
New Contributor

Posted on ‎01-28-2015 10:13 PM

...

0 Kudos
Reply
4 REPLIES 4

calumhunter
Valued Contributor

Posted on ‎01-28-2015 11:58 PM

enable FV escrow into the JSS? atleast that way you can unlock them

If they are admins they can do anything, so I wouldn't bother trying to stop them doing something. that only spurs them on more.

Instead put in systems that allow them to use filevault but also gives you the ability to provide support to them.

Make sure you check out everything by @rtrouton he's pretty much the authority on filevault
https://derflounder.wordpress.com/

0 Kudos
Reply

rowanquigley
New Contributor

Posted on ‎01-29-2015 01:49 AM

...

0 Kudos
Reply

RobertHammen
Valued Contributor II

Posted on ‎01-29-2015 04:45 AM

I assume you meant "FileVault"...

Honestly nothing good can come from kids being admins, but that's just my opinion.

Greg Neagle has a custom configuration profile to not disable FileVault. I assume it would work the other way around, but haven't tested it.

More details here:

https://managingosx.wordpress.com/2014/05/21/preventing-users-from-disabling-filevault-2/

0 Kudos
Reply

rtrouton
Release Candidate Programs Tester

Posted on ‎01-30-2015 12:31 PM

If you're 100% certain that you want to disable FileVault 2, the easiest way to do so is to remove the Recovery HD partition from the machines in question. FileVault 2 relies on Recovery HD in order to access the FileVault 2 unlock tools.

Without a valid and working Recovery HD on the machine, any attempt to enable FileVault 2 using either Apple's fdesetup command line tool or the FileVault preference pane in System Preferences will not succeed. This is because the FileVault 2 setup process will check for the presence of Recovery HD and will not proceed with encrypting the Mac if Recovery HD is not there.

0 Kudos
Reply