I am doing a FileVault 2 push to a lot of Macs in my company. The policy has been pushed out a couple of months, but now management wants them enabled. I have worked with a lot of users that have been needing the policy flushed in order to see it in self service again. My big problem now is Macs are saying deferred enablement in terminal. Even after a reboot. After this reboot the account used to enable FileVault would log in and get kicked out. The only way to get that account to log in was to sudo fdesetup disable (even though FileVault was said to be off) After a few rounds of this and an upgrade to 10.11 from 10.10 I decided to sudo fdesetup enable for that that account. After the encryption happened a recovery key was never sent to Casper. Can someone tell me where I went wrong and why enabling in self service would error our upon reboot?
