Enable local account for filevault 2

Monotype
New Contributor

Hello,

In the FV2 admin guide, it mentions that you can go to Local Accounts and create a new account with the Filevault check box.

If I want to enable a local account that already exists, will following that same process just enable the account? Or does it have to actually create one?

rtrouton
Release Candidate Programs Tester

No. If the account already exists, it will need to be enabled another way. I have a post showing how the post-encryption enablement process works on both Mountain Lion and Mavericks:

http://derflounder.wordpress.com/2013/10/24/enabling-users-for-filevault-2-with-a-non-enabled-admin-...

Monotype
New Contributor

I'll give this a shot. Thanks!

makander
Contributor

In my testing I've found that if you set up a policy to create an account and then enable FileVault for that account as well it'll just enable FileVault for it if the account already exists.

Now, I have already had FV2 enabled on my machines so that may have to do something with it.

Here's what the log from the policy will tell you:

Executing Account Account TEST...
[STEP 1 of 0]
Error creating user: An account with the user name Admin already exists..
Adding user Admin to filevault
Adding user 'Admin' to existing FileVault
FileVault is On. FileVault master keychain appears to be installed.

Oh, here's an edit: JSS 9.31
Mac Os X 10.9.4 2 accounts. 1 local admin, deployed at imaging. Added to FileVault after the standard account has been enabled. I'm adding it to FV with the process I described above. 1 standard user, added after imaging and binding to AD then FileVault 2 enabled.

ooshnoo
Valued Contributor

@rtrouton Is there a way to enable this newly created account via command line, rather than the GUI in System Preferences? On your site, I see you mentioned that this functionality was removed in Mavericks. Is there still no workaround?

rtrouton
Release Candidate Programs Tester

@ooshnoo,

I don't know if I'd recommend the use of this in production, but I have a post on a possible workaround:

https://derflounder.wordpress.com/2014/11/14/using-os-x-10-8s-fdesetup-tool-and-non-enabled-admin-ac...
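
As an added example (not code from this thread, from Rich's post or from Jamf), here is a POSIX shell sketch of the check-then-enable flow that the fdesetup workaround relies on. It assumes macOS 10.8 or later with fdesetup, root privileges, and the credentials of an account that is already FileVault-enabled, which the caller supplies; the function and variable names are my own.

```shell
#!/bin/sh
# Added example; not code from this thread or from Jamf. Assumes macOS 10.8+
# with fdesetup and the credentials of an account that is already enabled.

# Parse `fdesetup list` output ("username,UUID" per line) and succeed when
# the named account is already FileVault-enabled. The list text is passed as
# $1 so the check can be exercised without calling fdesetup.
fv_user_enabled() {
    printf '%s\n' "$1" | awk -F, -v u="$2" '$1 == u { found = 1 } END { exit !found }'
}

# Escape the characters that would break a plist string; passwords often
# contain &, < or >.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the plist that `fdesetup add -inputplist` reads from stdin: an
# already-enabled user ($1/$2) authorises adding the target account ($3/$4).
# Feeding it over stdin keeps the passwords out of the process list.
fv_add_plist() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key><string>$(xml_escape "$1")</string>
    <key>Password</key><string>$(xml_escape "$2")</string>
    <key>AdditionalUsers</key>
    <array>
        <dict>
            <key>Username</key><string>$(xml_escape "$3")</string>
            <key>Password</key><string>$(xml_escape "$4")</string>
        </dict>
    </array>
</dict>
</plist>
EOF
}

# Enable an existing local account, skipping it if it is already enabled.
# Usage: fv_enable_existing_user <enabled_user> <enabled_pass> <target_user> <target_pass>
fv_enable_existing_user() {
    list=$(fdesetup list 2>/dev/null) || { echo "fdesetup list failed (not macOS, or FileVault off?)" >&2; return 2; }
    if fv_user_enabled "$list" "$3"; then
        echo "$3 is already FileVault-enabled"; return 0
    fi
    fv_add_plist "$1" "$2" "$3" "$4" | fdesetup add -usertoadd "$3" -inputplist
}
```

Run it as root; `fdesetup list` before and after is the quickest way to confirm the account now appears.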

ooshnoo
Valued Contributor

Ugh. Not sure I'd recommend it either. Thanks Rich.

stevenjklein
Contributor II

@makander: That trick may have worked once, but not any more. We're running 10.11.6, and here's what happens when I use a policy to add an existing local admin account with FV access:

Executing Policy Add localnab admin account
Error creating user: An account with the user name localnab already exists..

That's it. It does not add the user to FileVault.

Jamf Nation is full of threads on this very topic -- how to add an existing admin account to FileVault -- but none of the solutions described there work.

The frustrating thing is that I can add a new admin account with FV, I just can't enable FV for an existing admin user.