FileVault2 Policy Jamf Pro

brizkallah
New Contributor II

Good day.

After applying the policy to enable FV2 in Jamf, when the user restarts the machine he still has to:

1- log in to decrypt the disk

2- sign in again with the AD user name and password.

Can someone offer a solution to have the password registered?

Well, let me break it down in other words.

1- The devices/laptops are connected to the AD.

2- Users always use their AD credentials to log in.

3- The user now logs in twice: the first login is to decrypt the disk and the second one is to log in to the device itself.

4- So the problem is: what if the user forgets his AD password and I did a reset on the AD? He will not be able to decrypt the disk in order to log in.

So my question is whether I can just bypass the 1st login requested to decrypt the disk, or whether I should be switching to a different method of enabling FV2.

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor III

The 1st problem is domain binding, stop that. 

If a user forgets their password you should use the FV recovery key which will trigger a password reset. With domain binding this causes a problem. 


2 REPLIES

brizkallah
New Contributor II

Well, if this is the case, do you have reliable documentation for it? Or a test process that can be applied on a test machine? Thank you for the help.