Enabling user for FileVault2 remotely

New Contributor


I am trying to implement LAPS for Mac into my organization. We got to the point where we can successfully create the LAPS user, let's call it 'admin', it will randomize the password once a week, and report that to Jamf as an extension attribute.

One thing we are having trouble with, is figuring out how to remotely give this account access to unlock the disk upon reboot. All of our machines are on 10.14 or later, most being 10.15. I know that starting with 10.13 it became somewhat more difficult to use MDM to grant a user access to unlock the disk.

Anyone have any ideas on how we can mass grant our admin user (with a randomized password on each machine) access to unlock the disk?