+5Hi all,
With FileVault is there a way to enable another account when you push the policy out? For example we have it set so that the end user by default will have access, but what about our admin accounts? Is that a manual process of going machine by machine?
Thank you
+24Look in the administrator's guide. There is a way of enabling the local Casper management account on the Mac for FileVault 2, but keep in mind, it means that account name shows up at the initial FV2 login screen later, along with any other enabled accounts, like the primary user for example.
Here's a link to the online documentation that offers more details on that:
http://docs.jamf.com/9.96/casper-suite/administrator-guide/Administering_the_Management_Account.html
In case you were wondering, there's no way of automatically enabling another local admin account that isn't the Casper management account, at least not without using some type of user interaction process that would ask the current FV2 enabled account holder for their password so it can be used to enable another account for FileVault. There are some custom scripts posted from users here on JN that do this, if you search around for them.
+5So essentially we could create a "hidden" new account with a shared password to decrypt the machine and then the user could login with their own information?
+2Hi all,
new here but from what I have learned from various admins is that having a "master" account that can unlock any computer is quite unsafe.
Any reason to have the admin account also unlock FV?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.