Hello guys! I'm new to the community and kinda new to Jamf Pro itself.
Could someone assist me with the following feature implementation?
We have 2 local accounts created by a policy for our MacBooks (besides the end user's). They are: LAPS configured with this script and a local admin with a company admins shared password.
The FileVault enabling policy is now configured to Apply Disk Encryption Configuration, Default Filevault Policy, Requires fv2 At next login. This policy affects the scope of a Smart computer group with the following criteria: FileVault 2 Partition Encryption State is not Encrypted.
My question is: what's the best way to activate FileVault for LAPS and the second local admin without any end-user notification?
Thanks in advance.
Adding an update here:
I investigated LAPS solutions and here's my conclusion:
https://github.com/NU-ITS/LAPSforMac - was last updated 6 years ago; it sends a new password with a curl PUT -d via https.
https://github.com/PezzaD84/macOSLAPS - the best one at first sight because of using curl via https + crypt key and secret pair stored at Jamf. Unfortunately, the password itself could be seen only via a GUI application for macOS. Moreover, I'm not sure this solution works properly with Secure Token, bootstrap token, and volume ownership.
Our users are currently local admins with some restrictions via Jamf policy (they could remove those restrictions manually as they are full root users, I guess).
nvm, seems like the best option for me is to have a backup FV-enabled local admin with a constant password.
I was looking for a way to make that user easily but didn't find a proper solution.
The best one I see is to execute the following from Jamf:
fdesetup add -usertoadd username
but the terminal requires the username and password to be typed manually after that. Do you guys know if there's a way to redirect the username and password to stdin (with wait, I guess)?