FileVault & Self Service

spotter
New Contributor III

I've looked through several discussions, including rtrouton's post http://derflounder.wordpress.com/2013/10/22/managing-mavericks-filevault-2-with-fdesetup/, but I'm still scratching my head.

All devices are encrypted with FileVault, some with the JSS encryption policy and others manually. Most of the devices (99%) have the local admin account enabled along with the primary user in FileVault. The issue that is coming up: new users are getting on these devices and using them, but they are not able to log in after a reboot or shut down.

So that leads me to this... Is it possible to have a policy which is made available through Self Service to enable the current user?

I create a policy which grabs the current user

currentUser=$(ls -l /dev/console | cut -d " " -f 4)

then runs the fdesetup command

fdesetup add -usertoadd "$currentUser"

but when I run this in Self Service it never finishes or prompts me to enter my password.

What am I doing wrong or is this even possible?


mm2270
Legendary Contributor III

If I'm not mistaken, the "fdesetup add -usertoadd $currentUser" command requires the user's password for them to be added, even if it's being run by root, since their password is required to allow them to unlock the Mac at the FileVault login screen.
Are you capturing their password in some way to send back to the script, like with some GUI controls (AppleScript, cocoaDialog, etc.)? I think that would be necessary, or the command will stall since there is no GUI up on screen for the user to type in their password.
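The following is an added example, not code from this thread, from rtrouton's post or from Jamf, of the flow the question and the reply describe: find the console user, check whether they are already a FileVault-enabled user, prompt them for their password with an AppleScript dialog, and hand everything to `fdesetup add -inputplist` on stdin so the command never waits on an interactive prompt. It assumes macOS with `fdesetup` (10.9 or later), that the policy runs as root from Self Service, and that the FileVault-enabled local admin's name and password arrive as Jamf script parameters `$4` and `$5` (an assumption; the thread does not say how the admin credential is supplied). The `fv_user_enabled`, `xml_escape` and `build_inputplist` helpers are hypothetical names chosen here.

```shell
#!/bin/bash
# Added example (not from the thread). Enables the console user for FileVault
# from a Self Service policy by feeding fdesetup a plist on stdin.

# Return 0 if USER appears in `fdesetup list` output (one "username,UUID" per line).
fv_user_enabled() {
  fv_user="$1"
  fv_list="$2"   # output of `fdesetup list`, passed in so this is testable offline
  printf '%s\n' "$fv_list" | awk -F, -v u="$fv_user" '$1 == u { found = 1 } END { exit !found }'
}

# Escape a value for inclusion in the XML plist; a password containing & or < would
# otherwise produce a plist fdesetup rejects.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the plist fdesetup expects on stdin: Username/Password are an already
# FileVault-enabled account authorising the change, AdditionalUsers the user to add.
build_inputplist() {
  e_admin="$(xml_escape "$1")"; e_admin_pw="$(xml_escape "$2")"
  e_user="$(xml_escape "$3")";  e_user_pw="$(xml_escape "$4")"
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Username</key><string>$e_admin</string>
  <key>Password</key><string>$e_admin_pw</string>
  <key>AdditionalUsers</key>
  <array>
    <dict>
      <key>Username</key><string>$e_user</string>
      <key>Password</key><string>$e_user_pw</string>
    </dict>
  </array>
</dict>
</plist>
EOF
}

enable_console_user() {
  # Jamf passes script parameters from $4 onward; $4/$5 are assumed here to carry the
  # local admin's name and password. Note that parameters are visible in the process
  # list while the script runs, so treat that credential accordingly.
  admin="$4"; admin_pw="$5"

  # Owner of /dev/console is the logged-in user (same idea as the original post's cut).
  user="$(ls -l /dev/console | awk '{print $3}')"

  if fv_user_enabled "$user" "$(fdesetup list)"; then
    echo "$user is already a FileVault-enabled user; nothing to do"
    return 0
  fi

  # Capture the user's password with a hidden-answer dialog, as the reply suggests,
  # instead of letting fdesetup block on a prompt nobody can see.
  user_pw="$(/usr/bin/osascript -e "text returned of (display dialog \"Enter the login password for $user to enable FileVault for this account.\" default answer \"\" with hidden answer buttons {\"OK\"} default button 1)")"
  if [ -z "$user_pw" ]; then
    echo "No password entered; nothing changed" >&2
    return 1
  fi

  # The plist goes straight to fdesetup's stdin; it never touches disk.
  build_inputplist "$admin" "$admin_pw" "$user" "$user_pw" | fdesetup add -inputplist

  # Confirm the result rather than trusting the exit status alone.
  if fv_user_enabled "$user" "$(fdesetup list)"; then
    echo "$user is now FileVault-enabled"
  else
    echo "fdesetup did not add $user; check the policy log" >&2
    return 1
  fi
}

# Only run the real flow on a Mac, as root; the helpers above can be exercised anywhere.
if command -v fdesetup >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
  enable_console_user "$@"
fi
```

Feeding the plist through a pipe means the two passwords exist only in the script's memory and fdesetup's stdin, and the final `fdesetup list` check is what tells you the user will actually see their name at the pre-boot login screen.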