Posted on 06-13-2018 11:39 AM
On the last few High Sierra machines we have deployed, I have noticed that after setting up encryption and its completion, the FileVault window says "Some users are not able to unlock the disk." When I click on Enable Users and log in as the AD/Mobile user, I get the check mark like all is good, but after I reboot they are not enabled again. I have even tried to manually provide them with a SecureToken using the sysadminctl commands, and after reboot it is the same thing. Is there something wrong, or what are the effects of a user not being enabled to unlock the drive?
Posted on 06-13-2018 12:00 PM
Make sure to run "diskutil apfs updatePreboot /" after adding users (we do this programmatically post sysadminctl user add).
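Added example, not part of the original thread: a shell sketch that runs the `diskutil apfs updatePreboot /` step from the reply above and then compares `fdesetup list` output (one `shortname,UUID` line per enabled user) against the accounts expected to unlock the disk. The function names, the `--run` switch and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `fdesetup list` output: one "shortname,UUID" per line.
SAMPLE_FDE_LIST='localadmin,11111111-2222-3333-4444-555555555555
jdoe,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'

# Print (space-separated) every expected user that is absent from the list.
# $1 = text of `fdesetup list`; remaining args = expected short names.
missing_fv_users() {
    fde_list=$1
    shift
    missing=""
    for u in "$@"; do
        # Exact match on the field before the comma, so "jd" != "jdoe".
        if ! printf '%s\n' "$fde_list" | cut -d, -f1 | grep -Fxq -- "$u"; then
            missing="${missing:+$missing }$u"
        fi
    done
    printf '%s' "$missing"
}

# Hypothetical wrapper for a real Mac, run as root after adding users:
# refresh Preboot as the reply suggests, then report who is still missing.
update_preboot_and_check() {
    diskutil apfs updatePreboot / || return 1
    not_enabled=$(missing_fv_users "$(fdesetup list)" "$@")
    if [ -n "$not_enabled" ]; then
        echo "Not FileVault-enabled: $not_enabled" >&2
        return 1
    fi
    echo "All expected users can unlock the disk."
}

# Only touch the system when explicitly asked: ./script.sh --run jdoe asmith
if [ "${1:-}" = "--run" ]; then
    shift
    update_preboot_and_check "$@"
fi
```

Running the same comparison again after a reboot shows whether a user who looked enabled beforehand has dropped off the list.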
Posted on 06-13-2018 12:24 PM
What's odd is I would expect that if the user is truly not able to unlock the disk, it should ask for a disk password, correct? The user can log in as normal and you can watch the progress bar run its course and get into the user's desktop.