FileVault already enabled before enrollment

jorge_
New Contributor III

Just curious if anyone has run into this scenario.

Before purchasing Jamf, I already had FileVault enabled for my Mac users, and I was saving the recovery key to a safe somewhere in our environment.

Now that I have Jamf, I want Jamf to manage those keys with its FileVault profile. Would I need to decrypt my devices and re-encrypt upon enrollment so that Jamf can manage those encryption keys?


dpv_bnc
New Contributor II

Hello.

I recommend that you reissue FileVault keys and escrow them in Jamf, as per your request.
To achieve that, you have to:
• Create a configuration profile that explicitly escrows FV keys to Jamf;
• Create a script to reissue the key (continue reading...);
• Create a policy to reissue the key.

Here's a link for the how-to!
https://hcsonline.com/support/white-papers/how-to-reissue-a-recovery-key-for-filevault
:-)

Welcome aboard!
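A preflight check for the reissue policy described in the steps above, as an added example that is not part of the original post or the linked white paper: it decides from the text printed by `fdesetup status` and `fdesetup haspersonalrecoverykey`, plus a listing of installed profiles, whether a Mac that was encrypted before enrollment is ready for a key reissue. The function name, the action labels and the sample strings are constructed for illustration; `com.apple.security.FDERecoveryKeyEscrow` is the payload type of Apple's recovery-key escrow profile.

```shell
#!/bin/sh
# Added example (not from the thread): gate a FileVault key reissue.
# Live inputs would be the output of `fdesetup status` and
# `fdesetup haspersonalrecoverykey`, plus a listing of installed profiles.

# Payload type of Apple's FileVault recovery-key escrow profile.
ESCROW_PAYLOAD="com.apple.security.FDERecoveryKeyEscrow"

# fv_reissue_decision STATUS HASKEY PROFILES
# Prints one action label (labels are hypothetical, chosen for this example):
#   wait-in-progress       encryption or decryption still running, retry later
#   not-encrypted          FileVault is off, nothing to reissue
#   unknown-status         status text not recognised, do not act
#   deploy-escrow-profile  a key reissued now would not be escrowed anywhere
#   no-personal-key        no personal recovery key exists, review by hand
#   reissue                safe to run the reissue script
fv_reissue_decision() {
    fv_status=$1
    fv_haskey=$2
    fv_profiles=$3

    # Check "in progress" first: it is printed alongside the On/Off line.
    case "$fv_status" in
        *"Encryption in progress"*|*"Decryption in progress"*)
            echo "wait-in-progress"; return 0 ;;
        *"FileVault is Off"*)
            echo "not-encrypted"; return 0 ;;
        *"FileVault is On"*) ;;
        *)
            echo "unknown-status"; return 0 ;;
    esac

    # The escrow profile must be installed before the key changes,
    # otherwise the old key is invalidated and the new one is lost.
    case "$fv_profiles" in
        *"$ESCROW_PAYLOAD"*) ;;
        *) echo "deploy-escrow-profile"; return 0 ;;
    esac

    case "$fv_haskey" in
        true) echo "reissue" ;;
        *)    echo "no-personal-key" ;;
    esac
}

# Constructed sample: encrypted before enrollment, profile not yet installed.
fv_reissue_decision "FileVault is On." "true" ""
```

Run as the first step of the reissue policy, this keeps the script from rotating a key on a Mac that has not yet received the escrow profile.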

This is amazing. I had found this script a couple days ago but the white paper is awesome! Step-by-step.

Thank you,

VickiH

jzarate
New Contributor II

@dpv_bnc Thank you for the clear instruction. This has been successfully deployed at my company.