Posted on 12-10-2014 08:00 AM
We are in the process of encrypting all of our laptops, per security office directive. I have had a saved search based on the following criteria.
FileVault 2 Status is not Boot Partitions Encrypted
and
Model like Macbook
After updating to 9.62 I noticed the clients in this saved search jumped dramatically. Looking at the clients now showing in the search I can see they are
Macintosh HD (Boot Partition)
FileVault 2 Partition Encryption State:Encrypted
ala boot partition is encrypted.
Upon looking it appears that the JSS is not calculating the search correctly based on the FileVault 2 Status criteria. I can search for something like FileVault 2 Status is No Partitions Encrypted and the JSS returns clients that have one or more partitions encrypted.
Wondering if anyone else can replicate this behavior before I harass our TAM. Or if I'm just messing up the logic (though single criteria No Partitions Encrypted seems pretty hard to mess up)
Posted on 12-10-2014 08:10 AM
I think JAMF's FV status is returned through config profiles which seem flaky on anything but 10.9+ machines. Rich Trouton's script to look at FV2 status is the most reliable. I think this is the one I'm using - works well. https://derflounder.wordpress.com/2011/10/13/filevault-2-encryption-status-check-script/
Posted on 12-10-2014 08:13 AM
That's the same for our JSS (on 9.61).
I'm trying:
FileVault 2 Partition Encryption State is "Not Encrypted"
and it shows up the ones that are encrypted.
Posted on 12-10-2014 08:14 AM
It calculates correctly if I use disk encryption configuration as the criteria but I've been told not to make an effort to reencrypt laptops that were encrypted before I implemented Casper. Thanks for the verification, I'm going to look at Rich's EA but I will also poke our TAM.
Posted on 12-10-2014 08:15 AM
I second using an Extension Attribute for this. While we're not using Rich's, we have one that is similar and it's much more reliable for us. We've always had weird results using the built-in one from JAMF.
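An extension attribute of the kind recommended in the replies above, as an added example that is not part of the thread and is not Rich Trouton's script. It assumes the client has `fdesetup` (OS X 10.8 or later) and that its status text contains the phrases matched below; the function names and result strings are hypothetical.

```shell
#!/bin/sh
# Added example: report FileVault 2 state from the client itself, so a smart
# group can key off this value rather than the built-in status criterion.

# Map the text printed by `fdesetup status` to one fixed, searchable value.
# $1: full (possibly multi-line) status text.
classify_fv_status() {
    case "$1" in
        # Check in-progress states first: the progress line can appear
        # together with an "is On"/"is Off" line in the same output.
        *"Encryption in progress"*) echo "Encrypting" ;;
        *"Decryption in progress"*) echo "Decrypting" ;;
        *"FileVault is On"*)        echo "Encrypted" ;;
        *"FileVault is Off"*)       echo "Not Encrypted" ;;
        # Empty or unrecognized output is reported as Unknown, never as
        # "Not Encrypted", so a tool failure is not mistaken for a finding.
        *)                          echo "Unknown" ;;
    esac
}

# Wrap the classified value in the <result> tags the JSS reads from an
# extension attribute script's standard output.
format_result() {
    echo "<result>$(classify_fv_status "$1")</result>"
}

# Collect the status text; empty if fdesetup is missing or fails.
read_fv_status() {
    if command -v fdesetup >/dev/null 2>&1; then
        fdesetup status 2>/dev/null || true
    fi
}

format_result "$(read_fv_status)"
```

A smart group can then match on this attribute's value instead of the built-in FileVault 2 Status criterion.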
Posted on 12-10-2014 09:00 AM
Remember that there was a defect for status that was fixed in 9.62...
Not sure of the exact information here; maybe Rich or a JAMF associate can jump in.
There are three defects listed as fixed in the release notes with the word FileVault.
Posted on 12-10-2014 09:07 AM
@guidotti Looks like something was addressed there.
Note: JAMF/Apple are beginning to recommend Profiles instead of policies for FileVault on 10.10 and up.
Fixed in 9.62
[D-007885] Fixed an issue that caused the JSS API to return the FileVault 2 encryption status as "Not Encrypted" when a computer with OS X v10.10 was encrypted.
Still outstanding:
[D-007823] Policies configured to require users to enable FileVault 2 in a disk encryption payload fail to do so on a computer with OS X v10.10.
Posted on 12-10-2014 09:31 AM
That last one must be why my encryption payload policy does not work on OS X 10.10.1...
Posted on 12-10-2014 12:51 PM
I opened a ticket with JAMF. On further investigation, the groups only calculate incorrectly for 10.10 clients. I am looking at Rich's fine EA but JAMF should fix this.
If I do the following
Model like MacBook
FileVault 2 Status is not Boot Partitions Encrypted
Operating System like 10.10.
It returns 38 10.10 clients, almost all of which have the Boot Partition Encrypted, when it should return the 4 10.10 clients that don't have the boot partition encrypted.
Posted on 12-10-2014 12:58 PM
Wasn't that fixed in 9.62, or is there still a defect around FileVault and 10.10 reporting? I'm confused. I'd like to know since we're beginning to do heavier 10.10 testing/image building to get something out to clients soon. Not having correct FileVault 2 reporting won't be a good thing. Are we going to have to wait for 9.63?
Posted on 12-10-2014 03:59 PM
9.62 has fixed the issues where the File Vault Status for boot volumes was not being reported correctly for 10.10 machines.
Posted on 12-10-2014 05:27 PM
The status is being reported correctly when you look at the client information, it's just not calculating smart group/search correctly when using FileVault 2 Status as criteria.
Posted on 12-11-2014 11:03 AM
@Kaltsas not sure what the issue is in your environment, but our smart groups before 9.62 would not add 10.10 machines that had "FileVault 2 Status" criteria set to Boot Partitions Encrypted, but after we ran the update, within a minute it added all of our encrypted 10.10 machines to the smart group.
Posted on 12-12-2014 07:17 AM
@Kaltsas @mm2270 @chriscollins In my findings on 9.62, I have 2 10.10.1 machines sitting on the same desk with FV2 enabled.
In JSS on the "FileVault 2 Partition Encryption State:" within the Disk Encryption section:
Machine 1 reports -- Encrypted
Machine 2 reports -- Yesterday at 4:30 PM
It appears the information is being reported the same, however Machine 2's reports are shifted down. Not sure if this is just the web interface or if it is indeed in different locations in the SQL database table. I am curious if this is what might be causing the calculations to be off. My calculation reports back 1 machine instead of 2 machines.
Posted on 12-12-2014 07:23 AM
Huh, that's odd. I would get a screen shot of that over to your account rep asap. If this is what it's doing, then yeah, something is being shifted somehow in the reporting, because "Yesterday at 4:30 PM" is obviously not a FileVault 2 encryption status :)
Posted on 12-12-2014 07:25 AM
@mm2270 - I sent it over to my account rep just now.
Posted on 12-12-2014 07:30 AM
Strangely enough, Machine 2 is all of a sudden reporting correctly, and it is now added into the smart group. I did nothing to fix the issue, except close out of the Machine 2 computer details .est 10 times and now it is reporting correctly. It is good that it fixed itself, not good if this happens on a lot more computers.
Posted on 12-12-2014 07:39 AM
Hah, gotta love when things mysteriously fix themselves. I wonder if it was just a browser cache issue? What browser are you using when viewing it? FWIW, I now use Firefox exclusively when working in the JSS, because Safari basically sucks when in the JSS v9.
Posted on 12-12-2014 07:46 AM
Yes, Safari randomly drops the sidebar from JSS 9.62 for me...