Posted on 09-01-2022 10:58 PM
Hello Everyone, i have a Problem with 2 Devices, one of them ist with the new M2 Chip and the other One is an Intel Mac. Both of them show me that in jamf: Personal Recovery Key Validation:Unknown
But FileVault 2 Partition Encryption State:Encrypted.
I am able to see the Personal Recovery Key in terminal but there is a Problem with the transfer to Jamf. Ihad tried with jamf recon but nothink happens. Can anyone help please.
Posted on 09-02-2022 03:30 AM
Decrypt and encrypt again.
09-04-2022 04:36 AM - edited 09-04-2022 10:27 AM
On one of the systems, run a policy with the Disk Encryption payload and the Action set to "Issue new Recovery Key", and the Recovery Key type as "Individual". As long as your initial FileVault profile/policy was set to send the keys to Jamf Pro, it should issue and escrow a new key.
There's also a Jamf script that uses the Jamf Helper to prompt the user for their password and then creates a new recovery key. Check the script at https://github.com/jamf/FileVault2_Scripts/blob/master/reissueKey.sh and modify for your needs. It should still work on Apple Silicon.
Posted on 09-04-2022 10:31 PM
Thank you Very Much, i had tried it on the Device directly with two commands:
sudo fdesetup changerecovery -personal
and then Sudo jamf recon, it works :)
Posted on 11-15-2022 10:13 AM
Also, if possible help me with that; I've tried those 2 commands, runs good, I could see the RecoveryKey on terminal but still showing as unknown on Jamf
Posted on 09-04-2022 11:22 PM
i have another question, we also have a hidden Admin Account, whwhich is created during the enrollment, by some Users, i see the Admin Account as FileVault User, how can i change thhis easily ?
Posted on 11-15-2022 10:11 AM
Hey, can you explain how to create this hidden Admin Account?