Posted on 12-10-2020 11:40 AM
I have a user account on some Macs that is not FileVault 2 enabled. Is there a script available that I can apply to these Macs that can enable that specific user account?
Macs are running 10.14.6.
Posted on 12-10-2020 12:12 PM
I use this on a policy. You need to know a current FileVault-enabled user. Parameters 4 and 5 are an existing FV2-enabled account. Parameters 6 and 7 are the account you are making FV2 enabled.
#!/bin/bash
# Jamf policy parameters: $4/$5 = existing FV2-enabled account and its password,
# $6/$7 = account to make FV2 enabled and its password.
SECURE_TOKEN_USER=$4
SECURE_TOKEN_USER_PASS=$5
NEW_SECURE_TOKEN_USER=$6
NEW_SECURE_TOKEN_USER_PASS=$7
# Grant a secure token to the new account, authenticating as the existing one.
/usr/sbin/sysadminctl -adminUser "$SECURE_TOKEN_USER" -adminPassword "$SECURE_TOKEN_USER_PASS" -secureTokenOn "$NEW_SECURE_TOKEN_USER" -password "$NEW_SECURE_TOKEN_USER_PASS"
# Keep the exit status of sysadminctl.
exitresult=$?
Posted on 12-10-2020 12:44 PM
I run this through Self Service. It will grant them the secure token automatically. It will pull the current user's name in and just prompt for their password, so there is very little for the user to mess up.
Posted on 12-10-2020 12:46 PM
@geoff.widdowson Hi there, thanks for answering.
So I have 2 current users; both accounts are administrators.
'User1' is enabled, 'User2' is not enabled.
I will have to know the passwords of both users?
Posted on 12-10-2020 01:02 PM
@tcandela Yes, on the script I use you need to know the password for both, so 'SECURE_TOKEN_USER_PASS=$5' is the password of the FV2-enabled account 'User1' and 'NEW_SECURE_TOKEN_USER_PASS=$7' is the password of the account you are adding to FV2, 'User2'. If your accounts have different passwords on each device, this script is not going to work.
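An added example, not part of the thread or of anyone's posted script: a pre-flight check for the User1/User2 case above. It reads `sysadminctl -secureTokenStatus` and `fdesetup list` output to decide whether the `-secureTokenOn` call is needed and whether the granting account can make it. The function names and the sample output lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: pre-flight check before -secureTokenOn (hypothetical function names).

# Map `sysadminctl -secureTokenStatus <user>` output to ENABLED/DISABLED/UNKNOWN.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Succeeds if user $1 is in `fdesetup list` output $2 ("shortname,UUID" lines).
in_fv_list() {
    printf '%s\n' "$2" | cut -d, -f1 | grep -Fxq -- "$1"
}

# Args: granter, target, granter status output, target status output, fdesetup list.
preflight() {
    local granter="$1" target="$2" fv_list="$5" g_state t_state listed
    g_state=$(token_state "$3")
    t_state=$(token_state "$4")
    if [ "$g_state" != ENABLED ]; then
        echo "FAIL: $granter cannot grant (token $g_state)"; return 1
    fi
    if [ "$t_state" = UNKNOWN ]; then
        echo "FAIL: no status for $target (does the account exist?)"; return 1
    fi
    if [ "$t_state" = ENABLED ]; then
        in_fv_list "$target" "$fv_list" && listed=yes || listed=no
        echo "SKIP: $target already has a token (in fdesetup list: $listed)"; return 0
    fi
    echo "GRANT: $target needs secureTokenOn"
}

# Constructed sample output for the User1/User2 case in this thread.
SAMPLE_U1='2020-12-10 13:02:11.101 sysadminctl[812:4411] Secure token is ENABLED for user User1'
SAMPLE_U2='2020-12-10 13:02:11.322 sysadminctl[815:4420] Secure token is DISABLED for user User2'
SAMPLE_FV='User1,11111111-2222-3333-4444-555555555555'

# On a Mac, check live data using the same Jamf parameters ($4 and $6).
if [ -x /usr/sbin/sysadminctl ] && [ -n "${4:-}" ] && [ -n "${6:-}" ]; then
    preflight "$4" "$6" \
        "$(/usr/sbin/sysadminctl -secureTokenStatus "$4" 2>&1)" \
        "$(/usr/sbin/sysadminctl -secureTokenStatus "$6" 2>&1)" \
        "$(/usr/bin/fdesetup list 2>/dev/null)"
else
    preflight User1 User2 "$SAMPLE_U1" "$SAMPLE_U2" "$SAMPLE_FV"
fi
```

The check needs no passwords, so it can run as a separate policy before the one that carries the credentials in parameters 5 and 7.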
Posted on 12-12-2020 10:09 AM
@taylorducharme @geoff.widdowson Thanks for answering. This sucks, especially if you don't know any of the users' passwords but the account you want FV2 enabled.
Posted on 04-28-2022 07:07 AM
Is there any way to enable FV2 for a second account (local admin account created via Jamf) with a script?