FileVault2 - Logout doesn't prompt for password

Cayde-6
Release Candidate Programs Tester

Hi all,

I've got an intermittent problem whereby some macOS devices have a security profile which enables FV2, but when I log out I do not get a password prompt and get taken back to the login screen.

Has anybody else encountered this?

sshort
Valued Contributor

@LewisB I saw that behavior in 10.14 when logging out of a mobile AD account. You could get the FV enable prompt when logging out from a local user, though. But that specific issue seems to have been resolved in 10.14.1.

Cayde-6
Release Candidate Programs Tester

@sshort

I should have mentioned this is on 10.14.1 and is definitely a local user rather than mobile AD.

dorellano
New Contributor III

I'm seeing the same behavior with our workflow. Works fine on 10.13.6.
On 10.14.1, we get the prompt to enable FileVault 2 when logging out, click enable now, but it never turns on.

scottb
Honored Contributor

Have seen sporadic "no prompt" at login, logout, and even with check-in.
FV seems like it should be the simplest of the things to implement, but it turns out to be one of the most mind-boggling to get to work reliably. Sometimes ;)

Cayde-6
Release Candidate Programs Tester

So how do you prompt the user to log out for FV2 then?

dorellano
New Contributor III

We have a policy set to enable FileVault at next logon.
So if the user logs out, they are prompted to enable FileVault the next time they log in.
This is a feature built into Jamf, we didn't write anything custom for this.

chadsherlock
New Contributor II

@dorellano I have the policy set up as well, but with 10.14 it pops up to enable and yet never actually enables FileVault. Has yours worked with 10.14? My computers are not bound to AD.

dorellano
New Contributor III

@chadsherlock We're using only local accounts. The prompt pops up on 10.14 but it never actually enables FileVault.
Seems to work correctly on our 10.13.x machines. Again, all local accounts though.

scottb
Honored Contributor

FWIW, only local accounts as well.
Haven't even looked at the AD/JumpCloud accounts for this.

dorellano
New Contributor III

This pretty much outlines the setup here: https://youtu.be/YR-NHVhcxxo?list=PLlxHm_Px-Ie3dNKXGmRIuxFgmiy2KZDH5

chadsherlock
New Contributor II

@dorellano Yeah, I have it set up and it works great with anything not 10.14. I am trying to find a solution to turn FileVault on with 10.14 'cause the Jamf enable FileVault doesn't actually enable it.

Cayde-6
Release Candidate Programs Tester

@dorellano

I was told by Jamf to use the Config Profile for FV2 now as the policy method is being phased out??

chadsherlock
New Contributor II

@LewisB I just set that up and am trying it out. So far on two machines it says "There was a problem enabling FileVault on your computer. Use system Preferences..." I have a case open with Jamf so we will see.

But thank you for the suggestion!!

gachowski
Valued Contributor II

Can you test with fdesetup enable with -defer on a clean OS install... I am 99% sure that Jamf uses fdesetup when you use the policy... I don't think Jamf can "phase out" the policy method as long as the FV profile part is hidden deep in the security profile.

C

alexjdale
Valued Contributor III

Who is logged in when the profile is installed, in those cases? The profile, on installation, basically seems to give the same result as running fdesetup enable with deferred mode for the current user at the time.

Cayde-6
Release Candidate Programs Tester

@alexjdale The user who will own the laptop; the user has a secure token.