FileVault2 Enabled Users High Sierra

bruth85
New Contributor III

On the last few High Sierra machines we have deployed, I have noticed that after setting up encryption and its completion, the FileVault window says "Some users are not able to unlock the disk." When I click on Enable Users and log in as the AD/mobile user, I get the check mark like all is good, but after I reboot they are not enabled again. I have even tried to manually provide them with a SecureToken using the sysadminctl commands, and after reboot it is the same thing. Is there something wrong, or what are the effects of a user not being enabled to unlock the drive?

2 REPLIES

dgreening
Valued Contributor II

Make sure to run "diskutil apfs updatePreboot /" after adding users (we do this programmatically post sysadminctl user add).
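
Added example, not part of the original reply and not dgreening's own script: a check that reports which step is still missing for a user (SecureToken, FileVault enablement, or the Preboot refresh) and runs `diskutil apfs updatePreboot /` only once the first two are in place. The function names, the sample lines, the user `jdoe` and the matched status-line wording are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes macOS 10.13 on APFS, run as root.
# The status line wording matched below is an assumption based on 10.13 output.

# Constructed sample input (not captured from a real machine):
SAMPLE_ENABLED='2018-03-01 10:00:00.000 sysadminctl[500:1000] Secure token is ENABLED for user jdoe'
SAMPLE_DISABLED='2018-03-01 10:00:00.000 sysadminctl[500:1000] Secure token is DISABLED for user jdoe'
SAMPLE_LIST='localadmin,00000000-0000-0000-0000-000000000001'

# token_state TEXT: 0 = ENABLED, 1 = DISABLED, 2 = unrecognised output.
token_state() {
    case "$1" in
        *"Secure token is ENABLED for user"*)  return 0 ;;
        *"Secure token is DISABLED for user"*) return 1 ;;
        *) return 2 ;;
    esac
}

# in_filevault_list LIST USER: LIST is `fdesetup list` text ("username,UUID" per line).
in_filevault_list() {
    printf '%s\n' "$1" | cut -d, -f1 | grep -Fqx -- "$2"
}

# next_step STATUS LIST USER: print what is still missing for USER.
next_step() {
    rc=0
    token_state "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "unknown"
    elif [ "$rc" -eq 1 ]; then echo "grant-token"        # sysadminctl -secureTokenOn
    elif ! in_filevault_list "$2" "$3"; then echo "enable-in-filevault"
    else echo "update-preboot"                           # diskutil apfs updatePreboot /
    fi
}

# Live run, macOS only: ./check.sh <username>
if [ "$(uname)" = "Darwin" ] && [ -n "${1:-}" ]; then
    status=$(sysadminctl -secureTokenStatus "$1" 2>&1)   # status is printed on stderr
    step=$(next_step "$status" "$(fdesetup list 2>/dev/null)" "$1")
    echo "$1: $step"
    if [ "$step" = "update-preboot" ]; then
        diskutil apfs updatePreboot /
    fi
fi
```
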

bruth85
New Contributor III

What's odd is I would expect that if the user is truly not able to unlock the disk, it should ask for a disk password, correct? The user can log in as normal, and you can watch the progress bar run its course and get into the user's desktop.