FileVault Config Profile Not Working

andyfreeman
New Contributor

Hi All

I was poking around Jamf last week, running some smart searches for an audit, when I noticed that around 100 or so of our devices are not encrypted, despite us having a configuration profile that is supposed to force FileVault upon first logout.

The configuration profile is - 

Enable Filevault - Enabled
Event to prompt - At Logout
Recovery Keys - Personal
Display recovery key to user - Hidden
Prevent filevault from being disabled
Encryption Method - Automatic

I have had a couple of users check that the profile is installed, and it is. And it starts the process upon logout as expected, but they are met with an error message: "error while enabling filevault for this user"

Anyone got any ideas what could be going wrong here? 

Any help would be appreciated!






ljcacioppo
Contributor III

Have you verified that the user account getting the error has secureToken? 

This article explains a bit more about secure token: https://derflounder.wordpress.com/2018/01/20/secure-token-and-filevault-on-apple-file-system/

I would run this command to see if the user getting the error actually has a secure token:

sysadminctl -secureTokenStatus username_goes_here
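
To run the check from the reply above across every regular local account rather than one user at a time, here is an added example (not part of the thread or of Jamf's own tooling). It assumes the status line reads "Secure token is ENABLED/DISABLED for user ...", that regular accounts have a UID of 501 or higher, and that the output is wanted in the `<result>` wrapper a Jamf extension attribute expects; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list local accounts that do not hold a Secure Token.

# Classify one line of `sysadminctl -secureTokenStatus` output.
# Prints ENABLED, DISABLED or UNKNOWN (assumed wording, see lead-in).
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Read "username<TAB>status line" pairs on stdin and print the usernames
# whose token is not ENABLED, separated by spaces.
users_without_token() {
    missing=""
    while IFS="$(printf '\t')" read -r user line; do
        [ -n "$user" ] || continue
        [ "$(token_state "$line")" = ENABLED ] || missing="$missing $user"
    done
    echo "${missing# }"
}

# Collect one status line per regular local account (UID >= 501) on macOS.
collect_status() {
    dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}' |
    while read -r user; do
        # sysadminctl writes its status to stderr, hence 2>&1
        printf '%s\t%s\n' "$user" "$(sysadminctl -secureTokenStatus "$user" 2>&1)"
    done
}

# Run the audit only where the macOS tools exist.
if command -v sysadminctl >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    echo "<result>$(collect_status | users_without_token)</result>"
fi
```

An empty result means every regular account reported an enabled token; any name listed is a candidate for the logout-time FileVault error described in the question.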