Posted on 01-28-2015 07:28 AM
I was wondering if anyone can share how they have tackled FV2 with multiple AD user accounts. Currently our Macs are encrypted with one authorised account, and this is all managed by Casper and works very well.
However, I am now seeing requests from some teams that have users sharing a Mac and so want to enable more than one account to unlock the disk. Now without getting into a debate on if this is good practice or not - has anyone achieved this with the Casper suite and if so how?
Thanks!
Posted on 01-28-2015 07:42 AM
I don't know if Casper stores multiple FileVault keys per computer record, but I've done multiple FileVault enabled accounts before without problems, before I used Casper.
Posted on 01-28-2015 07:47 AM
@lashomb happy with one key, it is the multiple enabled accounts that I am interested in.
My current thinking, if I were to do this, is that I would script around the 'fdesetup add' command, but there may be a better way that I'm not seeing.
Posted on 01-28-2015 07:50 AM
Rich Trouton is the guru of all things FileVault and has a number of blog posts on the subject. You can accomplish what you desire; however, it requires knowledge of the username and password to feed it. We generally just have a tech add additional unlock users on a case-by-case basis when required.
https://derflounder.wordpress.com/2012/07/25/using-fdesetup-with-mountain-lions-filevault-2/
Posted on 01-28-2015 08:15 AM
Are these folks admin users? If so, there's a fairly easy way to add more users via System Preferences. See the Enabling Non-Enabled Admin Users For FileVault 2 Via System Preferences section from the link below:
https://derflounder.wordpress.com/2014/12/18/ten-things-you-might-not-know-about-filevault-2/