FileVault 2 not adding our management account.

callum_baird82
New Contributor II

Hey Guys,

We have the policy to enable our local admin/management account with FileVault however recently it's stopped working and we're unsure why. Is it required to log in to the account before it can be recognized by the command?

I've attached the flow of the policy below.



Santosh_BR
New Contributor III

We have faced the same issue some time back, and it's an issue with the SecureToken on High Sierra 10.13.4 and above.

roiegat
Contributor III

Yeah, welcome to the not-so-fun club. It's fairly complex at times. But essentially here's what we do:
1) Make sure techs who are imaging machines create the same account as the first account
2) During the imaging process we have the first account turn on the SecureToken for the management account
3) When an AD user logs in, they are prompted for their password and they are also given a SecureToken so they can log in

The reading in the first thread is crucial to the learning process.
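To make the dependency in steps 2 and 3 concrete, here is an added check script (not from this thread or from Jamf) that reports whether a management account holds a SecureToken and is already a FileVault-enabled user; the account name mgmtadmin and the sample command output in the comments are assumptions.

```shell
#!/bin/bash
# Added example, not code from the thread: report whether a management
# account holds a SecureToken and is already a FileVault-enabled user,
# the two conditions behind steps 2 and 3 above. "mgmtadmin" is assumed.

MGMT_ACCOUNT="${MGMT_ACCOUNT:-mgmtadmin}"

# Classify the line `sysadminctl -secureTokenStatus <user>` prints (to stderr),
# e.g. "sysadminctl[512:9073] Secure token is ENABLED for user mgmtadmin".
token_status() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo "enabled" ;;
    *"Secure token is DISABLED"*) echo "disabled" ;;
    *)                            echo "unknown" ;;
  esac
}

# `fdesetup list` prints one "user,UUID" line per FileVault-enabled user;
# report whether the given user is among them.
fv_user_status() {
  printf '%s\n' "$2" |
    awk -F, -v u="$1" '$1 == u { found = 1 } END { print (found ? "enabled" : "missing") }'
}

# Combine both checks into one word an admin (or a test) can act on.
classify_account() {
  local user="$1" token fv
  token="$(token_status "$2")"
  fv="$(fv_user_status "$user" "$3")"
  case "$token:$fv" in
    enabled:enabled) echo "ok" ;;          # nothing to do
    enabled:missing) echo "token-only" ;;  # fdesetup can add this account now
    disabled:*)      echo "no-token" ;;    # a token holder must grant one first (sysadminctl -secureTokenOn)
    *)               echo "unknown" ;;
  esac
}

# Live check: macOS only, and fdesetup list needs root. Skipped elsewhere so
# the functions above can still be exercised with constructed output.
if [ "$(uname)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
  token_line="$(sysadminctl -secureTokenStatus "$MGMT_ACCOUNT" 2>&1)"
  fv_list="$(fdesetup list)"
  echo "$MGMT_ACCOUNT: $(classify_account "$MGMT_ACCOUNT" "$token_line" "$fv_list")"
fi
```

A "no-token" result is the state the thread describes: the FileVault policy cannot add the account until an existing SecureToken holder grants it one.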

neilmartin83
Contributor II

An alternative approach if I may be so bold :-) :

Consider why you might want your local admin account to be able to unlock the disk?

Jamf will escrow the FileVault recovery key and you can use that to gain access if needed.

roiegat
Contributor III

@neil.martin83

A good suggestion. But it's mostly so a tech can log into the machine to resolve any issues desk side if needed.