FileVault Configuration Profile - 10.11 and 10.12

josh_miller
New Contributor II

Hello,

I'm attempting to create a configuration profile for FileVault disk encryption and when attempting to do the FileVault disk encryption at logout it fails. If I manually start it, it seems to begin doing it but I would like the config profile to do it. If this isn't possible and I have to use a policy then so be it but I was hoping to use the config profile.

Thanks!

6 REPLIES 6

stevewood
Honored Contributor II
Honored Contributor II

@josh.miller the following blog post by @kitzy helped me get FV2 enabled via Config Profile to work perfectly:

How I Deploy FileVault 2

The only times I have trouble with that process is when I forget to put a restore partition on a machine I am redeploying. Other than that, I've had no problems with it.

josh_miller
New Contributor II

Nice little guide however I have mine configured like his and when a user logs out and it asks them for their password to enable FileVault it then fails and tells me to enable it in Security and Privacy. Is that going to be the workflow for machines that are currently in the wild?

josh_miller
New Contributor II

I have attached the error I get when attempting to add the user to FileVault and begin the encryption process.c84d9e044c7046e08ab0d1c0c95eb9a9

stevewood
Honored Contributor II
Honored Contributor II

@josh.miller have you verified that the systems have a restore partition? What operating system are these failing on? And is it every machine, or only a handful?

josh_miller
New Contributor II

I'm only testing right now and I have tried on both 10.11 and 10.12. Both have a recovery partitione114018812aa4859bee73053cd7f39f0

hunter990
Contributor

I@josh.miller did you ever get any resolution to this. We are having the same issue with our systems here. FYI, for those that mentioned it, I do have recovery partitions. I am understanding it is looking for a cert. Trying to get further information on it.