Posted on 01-17-2014 05:34 AM
In November. I successfully tested enabling FileVault with Self Service on OS X 10.9 Running Casper 9.21 at the time.
Retested with Casper 9.22 before the holidays and again this week. Originally the Self Service policy worked without any issues. With 9.22, auto restart failed and was able to get around that by using a reboot script. The other issue is that now I have to manually restart a Mac a second time to get the password request to start the encryption.
Jamf support has been helpful on the issue, but I'm under deadline to roll out encryption to almost 200 Macs.
Anyone else have this issue or is running the FV encryption from Self Service with Casper 9.22 successfully?
Thanks! Corbin
Posted on 01-17-2014 08:11 AM
What do you need the restart for? If you force the restart then it won't ask for the password to start encrypting, as far as I know. The user has to manually initiate the restart/logoff through the GUI, and then the password prompt should appear. I usually wait 10 seconds after running the Self Service policy because the fdesetup command it uses sometimes has a little lag.
Posted on 01-17-2014 08:19 AM
@corbin3ci][/url, @alexjdale][/url is correct. A script or command doing something like "shutdown -r now" or even shutdown -r +n" no matter how many minutes you set it for, won't initiate the prompt for a password to kick off encryption to the user.
We ran into similar issues when building some processes with our finalize application users use to set up their system. It can be done, but has to be done via Applescript commands or osascript when in a bash script.
We've had success with a couple of different methods. The tricky part is sometimes getting Applescript calls to actually work. Each version of OS X makes it a little tougher. For security reasons Apple is making it harder to make GUI type commands run by anyone but the user logged in.
Posted on 01-17-2014 01:55 PM
Thanks for the feedback, I'm just wondering why it worked at one point and now it fails.
Page 15 of the Administrating Flievault 2 pdf shows step 11 - If “Management Account” is selected as the enabled FileVault 2 user in the disk encryption configuration, do the following:
a. Select the Restart Options payload and configure restart settings for the computer.
b. (Optional) Click the User Interaction tab and customize the restart message displayed to users.
When I tested this while logged in as standard user this worked with Casper 9.21