Filevault Weirdness

schultza
New Contributor II

Has anyone seen this behavior before?

https://drive.google.com/open?id=1JZYwU5K6eGyCz5C4X4-Xi-cz-dMnKtx4

Whenever you click the enable button to access the GUI to add more FileVault users, the button doesn't actually do anything.

10.13.3, although we've seen this since 10.13.0 roughly. AD-bound Macs, using mobile accounts. The account attempting to trigger the GUI is 501, and it has the secure token. fdesetup works fine in the CLI, although, as I'm sure most of you have experienced, that's clunky to say the least.

We have FV kickoff via Jamf policy on the 501 account, and that works without any issues.

Initially I thought this was caused by a configuration profile that locked out the Users & Groups pane; confirmed that is not the issue. We do some minor changes to the auth.db, also ruled that out; also not the problem.

Vanilla 10.13.3 bound to our AD: no issues. Jamf Pro 9.101.4. Something we're doing is causing this. Any likely suspects?

---Other Oddities

Manually adding the secure token on the command line to the mobile account has some strange results. Accounts appear to be in the fdesetup list but don't actually show up on boot. (No cached hash?) Although this is only tangentially an issue, as fdesetup does work and does add the token in the process.

2 REPLIES

schultza
New Contributor II

Fixed.

sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool NO

fixes the issue. The GUI doesn't want the account adding users to FV to be hidden.

seann
Contributor

Have you tried running the update pre boot command?