FV2 settings staying behind after removing JAMF framework

New Contributor III

In our environment all devices are required to be encrypted. When a student graduates, the laptop they were issued is given to them. We run a cleanup script that removes our software, admin accounts, removes the JAMF framework and then reboots for housekeeping.

Subsequently, when the end user decrypts the hard drive, they get a system message that states the administrator requires that FileVault be enabled. This was originally set using a policy, setting an Individual Recovery Key escrowed it on the JSS and an Institutional Key. (A practice that we have since stopped.)

It would seem that we haven't' removed all of our hooks and this needs to be resolved without wiping the drive.

Any suggestions??


New Contributor III

Here is an update.
Removing /Library/Preferences/com.apple.fdesetup.plist and /Library/Keychains/FileVaultMaster.keychain this resolves very nicely and returns FileVault back to it's default behavior.

New Contributor II

Just ran into this, thanks for the update you found!