Solved

Enable local account for filevault 2

  • June 19, 2014
  • 7 replies
  • 46 views


Hello,

In the FV2 admin guide, it mentions that you can go to Local Accounts and create a new account with the FileVault check box.

If I want to enable a local account that already exists, will following that same process just enable the account? Or does it have to actually create one?

Best answer by rich.trouton

7 replies

  • Hall of Fame
  • Answer
  • June 19, 2014

No. If the account already exists, it will need to be enabled another way. I have a post showing how the post-encryption enablement process works on both Mountain Lion and Mavericks:

http://derflounder.wordpress.com/2013/10/24/enabling-users-for-filevault-2-with-a-non-enabled-admin-user-does-not-work-in-mavericks/


  • Author
  • New Contributor
  • June 19, 2014

I'll give this a shot. Thanks!


  • Contributor
  • September 5, 2014

In my testing I've found that if you set up a policy to create an account and then enable FileVault for that account as well, it'll just enable FileVault for it if the account already exists.

Now, I have already had FV2 enabled on my machines so that may have something to do with it.

Here's what the log from the policy will tell you:
Executing Account Account TEST...
[STEP 1 of 0]
Error creating user: An account with the user name Admin already exists..
Adding user Admin to filevault
Adding user 'Admin' to existing FileVault
FileVault is On. FileVault master keychain appears to be installed.

Oh, here's an edit:
JSS 9.31
Mac OS X 10.9.4
2 accounts.
1 local admin, deployed at imaging. Added to FileVault after the standard account has been enabled. I'm adding it to FV with the process I described above.
1 standard user, added after imaging and binding to AD, then FileVault 2 enabled.


  • Honored Contributor
  • February 4, 2015

@rtrouton Is there a way to enable this newly created account via command line, rather than the GUI in System Preferences? On your site, I see you mentioned that this functionality was removed in Mavericks. Is there still no workaround?


  • Hall of Fame
  • February 4, 2015

  • Honored Contributor
  • February 4, 2015

Ugh. Not sure I'd recommend it either. Thanks, Rich.


  • Contributor
  • March 16, 2017

@makander: That trick may have worked once, but not any more. We're running 10.11.6, and here's what happens when I use a policy to add an existing local admin account with FV access:

Executing Policy Add localnab admin account
Error creating user: An account with the user name localnab already exists..

That's it. It does not add the user to FileVault.

Jamf Nation is full of threads on this very topic -- how to add an existing admin account to FileVault -- but none of the solutions described there work.

The frustrating thing is that I can add a new admin account with FV, I just can't enable FV for an existing admin user.