Help

FileVault Escrow

tdenton
Contributor II

yesterday

Morning 

We have few Macs which have failed escrow there FileVault key back to Jamf.

I have setup escrowbuddy and this seems to be working well bringing these keys back.

I can see the policy has run to setup escrow buddy the policy also inculdes 
defaults write /Library/Preferences/com.netflix.Escrow-Buddy.plist GenerateNewKey -bool true

I can see users have had a fresh login.

While machines now do seem to have a vaild FileVault key. I'm seeing two issues.


 FileVault 2 Enabled being switch from enabled to Not enabled. 
 FileVault 2 Enabled set as Not enabled.

This depsite the fact that the effected machines have a vaild Key, showing as encrypted and have a FileVault 2 enabled user.

As anyone else seen this behaviour before?

Thanks

Screenshot 2025-03-05 at 09.51.31.png

 Thanks



0 Kudos
Reply
3 REPLIES 3

jamf-42
Valued Contributor II

yesterday - last edited yesterday

yup.. this is a thing from a while ago.. setup a smart group..  that key has been bust forever. something about.. DDM or such like.. 

jamf42_0-1741176910727.png

also, if you have setup EscrowBuddy with EAs and Policy.. you can report off that also.. 

0 Kudos
Reply

tdenton
Contributor II

yesterday

@jamf-42 
Thanks machines are encrypted based on the smart group criteria you provided. 

So its more of reporting issue within jamf that it actual been broken, do you know if Jamf have confirmed it has product issue in the past?

0 Kudos
Reply

jamf-42
Valued Contributor II
In response to tdenton

yesterday - last edited yesterday

erm. yea.. probably.. get onto Mac Admins Slack.. its probably there somewhere 😎  but yes.. its a reporting bug.. 

0 Kudos
Reply