Enabling a user for FileVault automatically (or by script)

Bernard_Huang
Contributor III

Hi all,

Here's the scenario:
- We have a MacBook. FileVault is already enabled for the first user created on the MacBook.
- We want to log off, then ask another user to log on. When that happens, we want FileVault to automatically add this new user to its enabled list.

As far as I know, the new user who has just logged on has to go to System Preferences > Security & Privacy > FileVault > enable user, select himself/herself to be added to FileVault, then click 'Done'. This is too manual. And it really doesn't work if the new user doesn't have admin rights. Does anyone know of a script to enable this?

I've read this article, but I think this is referring to enabling the first account for FileVault.

Any ideas?

1 REPLY

al_platt
Contributor II

There's no way of a new user adding themselves to FileVault without the steps above.

Although, you could use fdesetup commands remotely, but you'd need to know their password and they'd have to have an account on the Mac first. Although, are you pushing local accounts with Jamf or using AD mobile accounts?

fdesetup goodies here https://derflounder.wordpress.com/2015/02/02/managing-yosemites-filevault-2-with-fdesetup/

and https://www.jamf.com/jamf-nation/discussions/14936/how-to-enable-filevault-2-through-jss-and-add-filevault-users-with-a-single-command-line-without-using-a-plist-file