Jamf Nation Community

Not possible to do this when FV2 is enabled.
I assume since you're asking how to do this, you're as bothered by the fact that the username shows in plain sight as many of us. I've seen this since day one as a big security issue.
We submitted a request to Apple years ago to have this changed or give us an option to change it, but nothing has come of it yet, so we're stuck with the user icons at the FV2 login screen for now.

Yes, for sure, half the battle of getting into the machine is already been provided, now they just have to guess a password. As for most users, they do not always choose the most taxing of passwords for security whereas if you had to guess the username on top of this it would make it way more difficult. I have seen threads where people have been trying to do this such as this one:

https://jamfnation.jamfsoftware.com/discussion.html?id=7531

But alas.... And this machine before I enabled FV2 had the name and login password options selected so that does not help either....

Trust me, it does not work and there isn't currently a way to make it work. If there is and you find a way, please do post on how. This has been a gripe of mine for a while now.

On another thread, rtrouton politely mentioned that this is not as much Apple being stubborn as it is lack of features in the current EFi where FV2 lives. Apparently its not easy to make this change happen in the EFI space. While I logically understand that, part of me feels that Apple has the engineering chops to find a way to make it happen (if they want to), but isn't especially bothered about it apparently.
Like you I agree that knowing the username is half the battle and defeats some of the security FV2 provides in the first place. I sure wish Apple would come up with a way to change this.

If I find anything I will definitely post.

Yes I do wish Apple would sort this, makes little sense to have such security when you by-pass it by providing the username that has access to this "highly secure machine" you can log with right from the get go!

@Treger, I've been fooling around with modifying the FV2 Login UI, but be careful. You are close to what it needs to make the change.

As you mentioned, the location for all information for the EFI is /usr/standalone/i386/EfiLoginUI.

Now there was a guy on superuser.com that created a tool to read these files. He didn't post, maybe you can get ahold of him to release his tool. Here is his link http://superuser.com/questions/362788/how-do-i-change-the-filevault-login-icon-on-osx-lion
Also, what we have been toying with is changing the logo's on the FV2 Login page.
After we changed the icons in the mentioned post above, we ran a "fdesetup sync" which then copied the files over to the partition. This seems to work, but sometimes makes the ui buggy, you have to make sure your images are within the boundries of the ui.

Hope you get it workin!

I think Rich's thread said that he had a ticket open with Apple about this issue, Time for Apple to fix this issue!!!!!

According to @rtrouton there is no way to change that FV2 login screen.

@GaToRAiD Thanks bud, I will give that a go, I am not too fussed about the logo, its just the usernames already there that concern me, I have found that modifying the login/splash screen always produces a "lag" effect for logging in but in this case I am will into make the sacrifice of a login lag to have a screen where a potential "data thief" does not have half the job done for them by having a username provided for them to just try crack a password....

The last time I spoke with in person with Apple's engineers about this issue (two WWDCs ago), the answer I got back from them was that providing username and password blanks was "impossible". If you want to see if Apple can fix this anyway, the place to file that feature request is at the following location:

http://bugreport.apple.com

@rtrouton Thanks, I will try submit a feature request, am I being pedantic here or have other people got the same worry? I just feel that if you have the need to encrypt surely you are looking to be secure, being secure and providing a username for someone to have a crack at with passwords is not seemingly so secure is it? Especially if you look at posts about passwords and how many people have more or less the same one etc, the other point being is if it is not a regular password, having a users name and possibly a picture of them, you can track them down with social networks and then acquire information to try other password combinations, i.e. names of family members, relevant dates etc...

Maybe I am just going over the top?

Thanks Rich.
We still have an open AppleCare case with them on it, but the status has been at "Pending: Feature Request with Engineers" for about 2 years now and no real movement. Two WWDCs ago was a while ago now, so I still hold a glimmer of hope Apple is working on finding a way to do it.

@Treger,

I don't think your worries are misplaced, I just think that this is a hard problem for Apple to solve.

it shows the long name not the user name. chances are if they stole the computer they got the laptop bag it was in which likely has a business card or two, and quite possibly the password written down anyway. If its stolen, lock/wipe it with MDM and its not an issue.

Personally I hate the little picture just because to login to a computer you should have to type stuff. Remember Apple knows much more about what people want to do, like reverse mouse scrolling than the users themselves do though so, some things you file a bug on and learn to live with it.