FileVault 2 Smart Group Problem

user-qHFlIsdGUC
New Contributor II

Hey,

I have a problem in my environment where I have a Smart Group ("FileVault Eligible Devices") set up according to best practice. (https://docs.jamf.com/technical-papers/jamf-pro/administering-filevault-macos/10.30.0/Creating_Smart...)

FileVault 2 Eligibility Is Eligible

AND

FileVault 2 Partition Encryption State Is Not Encrypted

Just like it states.

My problem is, however, that devices that already have FileVault enabled get put into this group. Now I no longer know which devices had FileVault enabled by JSS and which had it enabled prior to enrollment. (Most of the devices either report PRK as unknown/invalid or report encryption state as Unencrypted despite being encrypted, even FileVault enabled by JSS.)

I have created a ticket with Jamf support about this. They elevated it to their Tier 2 team, but they stopped responding to me. Could someone here have any insight?

Thanks!

1 ACCEPTED SOLUTION

user-qHFlIsdGUC
New Contributor II

This works with inverted logic:

"FileVault 2 Partition Encryption State" "Is" "Not Encrypted" -->

"FileVault 2 Partition Encryption State" "Is Not" "Encrypted"


2 REPLIES

Thank you for replying with the solution - I had the exact same problem and had referenced the same documentation.