Monday
I have had 2 MacBooks out of many so far where the FileVault 2 Enabled Users is ciscoacvpnuser. This means that encryption never turns on for the real user of the MacBook.
1. I would like to know why this local system account is being added here. I think the user isn't logging back in after the final install of the default applications (which includes Cisco Secure Client) and a required reboot. And somehow the ciscoacvpnuser account is being added.
2. Is there a way to remove this account in Jamf or push the user's account from the user's MacBook to Jamf?
These are newly enrolled computers so Support has been contacting the users and wiping the computer and re-enrolling again. We had a ticket open with Jamf but they did not have a resolution for the Support team.
Thanks in advance!
Monday - last edited yesterday
I tested on my MacBook and found that if I don't log in and Cisco Secure Client installs, the ciscoacvpnuser gets added to the FileVault2 Users.
I have a workflow process now to alleviate this issue. It is kind of simple: I have set Cisco Secure Client to only install upon login; this seems to fix the issue. Process: The login screen will sit there until they log in. The associate enters their credentials, they get the prompt that FileVault was enabled (deferred until reboot), Cisco Secure Client gets installed, user gets prompts for OneDrive and Intune Integration (these are 2 of our default programs), which are completed within the 15 minute restart time. Cisco app then reboots the machine, so FileVault enables.
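A check for the state described above, written as a Jamf extension attribute script; it is an added example and not part of the original posts. It assumes `fdesetup list` prints one `shortname,UUID` line per FileVault-enabled user, and `classify_fv_users` and the status strings are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example (not from the thread): classify FileVault-enabled users.
# Assumption: input lines look like "shortname,UUID", as `fdesetup list` prints.

SERVICE_ACCOUNT="ciscoacvpnuser"   # account name taken from the thread

# classify_fv_users (hypothetical name) reads the user list on stdin and prints
# one status line. The body is a subshell so its variables stay private.
classify_fv_users() (
    found_service=0
    real_users=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *,*) name=${line%%,*} ;;   # keep only "shortname,UUID" lines
            *)   continue ;;           # skip status or error text
        esac
        [ -n "$name" ] || continue
        if [ "$name" = "$SERVICE_ACCOUNT" ]; then
            found_service=1
        else
            real_users="${real_users:+$real_users }$name"
        fi
    done
    if [ "$found_service" -eq 1 ] && [ -z "$real_users" ]; then
        echo "SERVICE_ACCOUNT_ONLY"          # the state described in the thread
    elif [ "$found_service" -eq 1 ]; then
        echo "SERVICE_ACCOUNT_PRESENT: $real_users"
    elif [ -n "$real_users" ]; then
        echo "OK: $real_users"
    else
        echo "NO_FV_USERS"
    fi
)

# Constructed sample input, used when fdesetup is not available (non-macOS host).
SAMPLE='ciscoacvpnuser,00000000-0000-0000-0000-000000000001'

if command -v fdesetup >/dev/null 2>&1; then
    # Jamf runs extension attribute scripts as root, which fdesetup requires.
    status=$(fdesetup list 2>/dev/null | classify_fv_users)
else
    status=$(printf '%s\n' "$SAMPLE" | classify_fv_users)
fi
echo "<result>$status</result>"   # Jamf extension attribute output wrapper
```

A smart group on the `SERVICE_ACCOUNT_ONLY` value would surface affected Macs before the user reports that encryption never enabled.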
Monday
@DMH2000 Unless you know the password that is being set for ciscoacvpnuser you won't be able to delete it (you'd have to use that password to grant the actual user account FV access). I'll note that you say that account rarely gets created first, but can you change your install sequence to defer installation of the Cisco Secure Client until after the user logs in to ensure it won't be the first account created?
Monday
The reboot was needed for Cisco Secure Client in the early 4.x installs. I don't know if it really needs a reboot now, maybe remove the restart so the user stays logged in. Your suggestion makes sense and will need some testing. It seems this ciscoacvpnuser is a temporary account to install Cisco Secure Client. So I think the password is random, but could be changed. I don't know why Jamf Support didn't get this resolved. Our Desktop Support wiped the computer as the associate's account wasn't seen as an Admin account for some reason.
From Cisco: In Windows and macOS, a restricted user account (ciscoacvpnuser) is created to enforce the principle of least privilege only when the management tunnel feature is detected as enabled. This account gets removed during AnyConnect uninstallation or during an installation upgrade.