Help

Enable ALL Users for FileVault2?

b3nn
New Contributor II

Posted on ‎06-11-2014 11:57 AM

i may not have looked hard enough, but is there a way to enable all users on each computer when deploying FileVault 2?
And how does everyone handle remote support when a reboot is needed and filevault is enabled and the user has walked away from the computer?

0 Kudos
1 REPLY 1

rtrouton
Release Candidate Programs Tester

Posted on ‎06-11-2014 12:16 PM

If you:

a) Know in advance what users need to be able to log in on a particular machine
b) Made sure that they have either local or mobile network accounts already set up on the machine in question at the time that you enabled FileVault 2.
c) Have each account's password available

Then you can enable all users when turning on FileVault 2 on a particular machine. You can use fdesetup's ability to import a plist (with the username and password information stored in the plist) and enable these accounts when initializing FileVault 2 on that machine. The usual issue is that you won't have the user passwords and you must have them in order to enable the account.

I have a post on using fdesetup on Mavericks available here:

http://derflounder.wordpress.com/2013/10/22/managing-mavericks-filevault-2-with-fdesetup/

When you need to reboot a FileVault 2-encrypted Mac and you're not at the machine, I recommend using fdesetup authrestart. I have a post on that available here:

http://derflounder.wordpress.com/2012/09/22/fdesetup-authrestart-filevault-2s-one-time-encryption-by...

0 Kudos