Posted on 11-01-2016 07:45 AM
Hi all,
With FileVault, is there a way to enable another account when you push the policy out? For example, we have it set so that the end user by default will have access, but what about our admin accounts? Is that a manual process of going machine by machine?
Thank you
Posted on 11-01-2016 09:55 AM
Look in the administrator's guide. There is a way of enabling the local Casper management account on the Mac for FileVault 2, but keep in mind, it means that account name shows up at the initial FV2 login screen later, along with any other enabled accounts, like the primary user for example.
Here's a link to the online documentation that offers more details on that:
http://docs.jamf.com/9.96/casper-suite/administrator-guide/Administering_the_Management_Account.html
In case you were wondering, there's no way of automatically enabling another local admin account that isn't the Casper management account, at least not without using some type of user interaction process that would ask the current FV2 enabled account holder for their password so it can be used to enable another account for FileVault. There are some custom scripts posted from users here on JN that do this, if you search around for them.
Posted on 11-01-2016 11:17 AM
So essentially we could create a "hidden" new account with a shared password to decrypt the machine and then the user could log in with their own information?
Posted on 11-01-2016 04:48 PM
Hi all,
New here, but what I have learned from various admins is that having a "master" account that can unlock any computer is quite unsafe.
Any reason to have the admin account also unlock FV?
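
Added example, not part of the thread or of Jamf's documentation: since every FileVault-enabled account appears at the FV2 login screen and can unlock the disk, this sketch audits `fdesetup list` output against an expected set of accounts. It assumes the `shortname,UUID` line format that `fdesetup list` prints; the function name, account names and UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Audit which accounts can unlock a FileVault 2 volume.
# Assumption: stdin is `fdesetup list` output, one "shortname,UUID" per line.

# audit_fv_users "ALLOWED NAMES"   (hypothetical helper, reads stdin)
# Prints "UNEXPECTED <name>" for each enabled account not in the
# space-separated allowlist; returns 1 if anything was flagged, else 0.
audit_fv_users() {
    allowed=" $1 "
    status=0
    # "|| [ -n "$name" ]" keeps a final line that lacks a trailing newline
    while IFS=, read -r name uuid || [ -n "$name" ]; do
        [ -n "$name" ] || continue            # skip blank lines
        if [ -z "$uuid" ]; then               # not a "name,UUID" record
            echo "MALFORMED $name"
            status=1
            continue
        fi
        case "$allowed" in
            *" $name "*) ;;                   # expected account
            *) echo "UNEXPECTED $name"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample: the primary user plus a shared management account.
SAMPLE_FV_LIST='jsmith,11111111-2222-3333-4444-555555555555
casperadmin,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'

# Demo on the sample; on a Mac, pipe `sudo fdesetup list` in instead.
printf '%s\n' "$SAMPLE_FV_LIST" | audit_fv_users "jsmith" || true
```

Run as a recurring check, a non-zero return shows where a shared admin account has been enabled for FileVault on a machine where only the primary user was expected.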