Disk Encryption and PRK

Sclewis
New Contributor III

I'm attempting to switch computers from Jamf Now to Jamf Pro. I created a configuration profile for disk encryption and it's showing the device is encrypted. However, when I view the settings on the device via inventory in Jamf, there's no disk encryption configuration and the PRK is "unknown". When I try to reissue, the policy just sits at pending despite logging out/in or rebooting. I haven't been able to find anything helpful in documentation or on the web. Thanks.

3 REPLIES

Sclewis
New Contributor III

I was able to do it by manually entering the sudo command in the terminal, but it sure would be nice to not have to do this for every single user manually. Anyone? Anyone? Bueller?

Tribruin
Valued Contributor II

Unfortunately, there is no easy way to do it without user interaction. We have a policy in Self Service that runs this script. It prompts the user for their password and then rotates the PRK. As long as you have a configuration profile that escrows the PRK to Jamf, it will capture the updated PRK to Jamf:

 

FileVault2_Scripts/reissueKey.sh at master · jamf/FileVault2_Scripts · GitHub

Sclewis
New Contributor III

Thanks for this response. I've run this script as a Self Service policy as suggested. All seems to be going fine, and initially the user gets a message saying that a new PRK has been issued. However, right after that the policy fails. I'm getting the following error messages: "User could not be authenticated" and "unable to unlock or authenticate to FileVault". I don't have any other policies or configurations in place that limit the user access to FileVault, so I am a bit stumped. Any help appreciated.