Posted on 01-24-2024 03:28 AM
I'm trying to configure Jamf Pro to enforce the company requirement that devices are encrypted. Created a Configuration Profile that has Security and Privacy > FileVault > Enable FileVault enabled, but have also set Event to prompt FileVault enablement > At Login and Allow user to bypass FileVault prompts at login > Require after 3 attempts. However, when testing the Configuration Profile against my MacBook - which has FileVault turned off - I am not being prompted to enable FileVault.
I have repeatedly logged out/in, shutdown/started my laptop but at no time have I been prompted to enable FileVault. While my user account is a Standard user, I have tried logging in as the Admin user but still don't get prompted to enable FileVault.
What am I missing?
Posted on 01-24-2024 08:10 AM
Does your user have a Secure Token? Only a user with a secure token can enable FileVault.
Run this command in Terminal to see if your user has a Secure Token:
sysadminctl -secureTokenStatus <<username>>
If your user does not have a secure token, you will need a user with a Secure Token to grant your user a secure token.
Posted on 01-24-2024 08:32 AM
Thanks for the response, @Tribruin, and having run the command for both my Standard user and the Admin user it reports for both that Secure Token is ENABLED.
Posted on 01-24-2024 08:54 AM
What are the results of these two commands:
fdesetup status
sudo fdesetup list
Posted on 01-24-2024 10:13 AM
What do you get when you run "fdesetup status"?
Posted on 01-29-2024 01:20 AM
Sorry for the delay in following up your messages @Tribruin and @AJPinto.
Regarding running fdesetup status as both my Standard user account and the local Admin account, both report FileVault is Off.
As for sudo fdesetup list:
glennc,785E02A2-6698-4BFC-A506-C6BF02B14585
admin,AABDB9D3-9953-4A62-B8FE-5D3C060002B2
Posted on 01-29-2024 04:56 AM
According to the terminal output, FileVault is on. Users won't have FileVault tokens if FileVault is disabled. Assuming admin and glennc are your accounts, they should have FileVault tokens.
Just a suggestion. Use a different account name than admin for your local admin account, that name is really easy to guess.
Posted on 01-29-2024 10:03 AM
@AJPinto don't know what "terminal output" you are referring to, but I'm not seeing anything that would indicate FileVault is ON.
System Settings > Privacy & Security > FileVault states OFF and if I select the option I have the option to Turn On...
Jamf Pro > Computers > Search Inventory > Select my laptop > Inventory > Disk Encryption states Not Encrypted.
Thanks for the comment regarding the admin username.
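A combined check of the three outputs discussed in this thread, added here as an example and not posted by any participant; it assumes the usual output formats of `fdesetup status`, `fdesetup list` and `sysadminctl -secureTokenStatus`, and the sample values used in the test are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): gathers the three outputs the replies
# ask for and reports whether an account meets the preconditions for the
# FileVault login prompt (FileVault off + Secure Token present).
# The parsers take command output as strings so they also run on sample text.

# `fdesetup status` -> on | off | unknown
fv_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# `sysadminctl -secureTokenStatus <user>` -> enabled | disabled | unknown
# (assumed line shape: "... Secure token is ENABLED for user glennc")
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo enabled ;;
        *"Secure token is DISABLED"*) echo disabled ;;
        *)                            echo unknown ;;
    esac
}

# `sudo fdesetup list` prints "user,GUID" per line; succeed if $2 is listed.
in_fv_list() {
    printf '%s\n' "$1" | cut -d, -f1 | grep -qx "$2"
}

# Combine the three: prints a one-line summary for the user and returns 0
# only when the login-time prompt should be expected for that account.
diagnose() {
    user=$1; fv=$(fv_state "$2"); tok=$(token_state "$3")
    if in_fv_list "$4" "$user"; then listed=yes; else listed=no; fi
    echo "$user: FileVault=$fv secureToken=$tok inFdesetupList=$listed"
    [ "$fv" = off ] && [ "$tok" = enabled ]
}

# Live run on a Mac (sudo is needed for `fdesetup list`); skipped elsewhere.
if command -v fdesetup >/dev/null 2>&1; then
    u=$(id -un)
    diagnose "$u" "$(fdesetup status)" \
        "$(sysadminctl -secureTokenStatus "$u" 2>&1)" "$(sudo fdesetup list)"
fi
```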