FileVault 2 Recovery Key Password Change Failing

denmoff
Contributor III

I'm trying to test the password recovery option with FileVault, where you type your password incorrectly three times at the boot login. I get the prompt to enter the recovery key, I enter it, and then it boots to the login screen where I'm prompted to enter a new password for my encrypted user. I enter a new password and it just shakes it off. I'm forced to enter my actual password.

This is a MacBook Pro running 10.9, and I used JSS v9.2 to set up FileVault 2 with an individual key and an institutional key. This is an AD-bound user with a mobile account (which, now that I think about it, might have something to do with the problem).

Summoning @rtrouton

EDIT: I enabled a second standard user with FileVault and tried this with that user, and I was able to reset the password. So the issue seems to be with the AD-bound user only.

Found another thread on the topic: https://jamfnation.jamfsoftware.com/discussion.html?id=7400

1 ACCEPTED SOLUTION

Chris
Valued Contributor

I don't think this is possible with AD accounts, as you'd have to provide the correct password in order to change it

2 REPLIES

winningham_2
Contributor

I thought I would share a simple script that helps migrate this...

#!/bin/bash
#
#   migrateNetLocalhomeToLocalHome - This script is meant for users that have local homedirs but are network based and we want
#       to move them to local homedirs with a locally cached AD user account (aka mobile user).
#

######################### Username is needed to start this migration ##################

# Replace "$4" with the actual username if you're running this through ARD
# ($4 is the first script parameter the JSS passes; $1-$3 are mount point, computer name and login user).
username="$4"

# Stop here rather than running createmobileaccount with an empty name.
if [ -z "$username" ]; then
    echo "Error: no username supplied (expected in \$4)" >&2
    exit 1
fi

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n "$username" -h "/Users/$username" -S -v

######## NOTE: The below lines are not applicable if the user has been added as a local admin within Active Directory. ###########
# Add this user to local admin group
# dscl . -append /Groups/admin GroupMembership "$username"
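Added example, not from any post in this thread: a quick audit script that lists the FileVault-enabled users on a Mac and flags which of them are AD mobile accounts, i.e. the accounts for which the post-recovery-key password reset from the question does not work. It assumes macOS with `fdesetup` and `dscl` (the `;LocalCachedUser;` entry in AuthenticationAuthority is what marks a cached/mobile account); the classification helper itself needs neither and is testable anywhere.

```shell
#!/bin/bash
# account_kind: classify a user from the text of its AuthenticationAuthority
# attribute. Mobile (AD-cached) accounts carry a ";LocalCachedUser;" entry;
# anything else is treated as a plain local account.
account_kind() {
  case "$1" in
    *';LocalCachedUser;'*) echo "mobile" ;;
    *) echo "local" ;;
  esac
}

# audit_filevault_users: for every user fdesetup reports as FileVault-enabled
# (output format "username,UUID"), read its AuthenticationAuthority via dscl
# and say whether the recovery-key password reset at login applies to it.
audit_filevault_users() {
  fdesetup list | while IFS=, read -r user _uuid; do
    [ -n "$user" ] || continue
    aa=$(dscl . -read "/Users/$user" AuthenticationAuthority 2>/dev/null)
    case "$(account_kind "$aa")" in
      mobile) echo "$user: FileVault-enabled mobile (AD) account - new password cannot be set via the recovery-key prompt" ;;
      local)  echo "$user: FileVault-enabled local account - recovery-key reset works" ;;
    esac
  done
}

# Only run the audit where the macOS tools exist (defining the functions is harmless elsewhere).
if command -v fdesetup >/dev/null 2>&1; then
  audit_filevault_users
fi
```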