FV2 with Shared MBP

VitorCostaUK
New Contributor III

I'm trying to set up 32 2019 MBPs. Deployment etc. is all configured, but the last issue I have is managing FileVault 2 and multiple users.

Currently, the first logged-in user is prompted to enter their password to initiate the FV2 encryption, but then when restarting only that first user and guest are shown. These MBPs will be used by multiple users.

What I want:

I would love to have FV2 enabled on the local drive and automatically allow all AD users to authenticate: when the user turns on the MBP, it just goes to the login window that prompts for username and password.

Is this possible?

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@VitorCostaUK For shared Macs FileVault doesn't really make sense. You'd have to create an account for every user that would need to be able to log in to the machine and enable it to unlock FileVault. That means anyone who has an account could potentially access the info from all the other accounts on the Mac. That's not really a secure situation.


6 REPLIES

sdagley
Esteemed Contributor II

@VitorCostaUK There is no way to allow AD logins from the FileVault unlock screen. The Mac is not on the network at that point in the boot process.

VitorCostaUK
New Contributor III

@sdagley

So what's the best method to allow for shared MBP usage with FV2 enabled?

sdagley
Esteemed Contributor II

@VitorCostaUK For shared Macs FileVault doesn't really make sense. You'd have to create an account for every user that would need to be able to log in to the machine and enable it to unlock FileVault. That means anyone who has an account could potentially access the info from all the other accounts on the Mac. That's not really a secure situation.

VitorCostaUK
New Contributor III

@sdagley That's what I was afraid of. Being a school, we need to ensure that all students could have accessed the MBP.

Thanks for the confirmation.

sdagley
Esteemed Contributor II

@VitorCostaUK As a school, you should probably look at setting a Firmware/EFI password so that students can't boot into Recovery Mode and try to modify accounts.

VitorCostaUK
New Contributor III

@sdagley Yep, already do that in the deployment stage. We just wanted to ensure that student devices were also encrypted for GDPR purposes.
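
The following is an added example, not part of the thread or any participant's post: a shell audit for the situation discussed above, reporting which expected users are not FileVault-enabled (and so cannot unlock the disk at boot) and whether a firmware password is set. The roster file, the function names and the sample data are assumptions made for illustration; `fdesetup` and `firmwarepasswd` are the macOS tools and must be run as root.

```shell
#!/bin/sh
# Added example: audit helpers for a shared, FileVault-encrypted Mac.
# Parsing is kept separate from the macOS-only commands so it can be
# exercised against captured output.

# `fdesetup list` prints one "shortname,UUID" line per user allowed to
# unlock the disk at boot. Reads that output on stdin, prints short names.
fv_enabled_users() {
  awk -F, 'NF >= 2 && $1 != "" { print $1 }' | sort -u
}

# $1: expected short names (one per line), $2: enabled short names.
# Prints every expected user who cannot unlock the disk at boot.
fv_missing_users() (
  printf '%s\n' "$1" | while IFS= read -r user; do
    [ -n "$user" ] || continue
    printf '%s\n' "$2" | grep -qxF -- "$user" || printf '%s\n' "$user"
  done
)

# $1: output of `fdesetup status`
fv_is_on() { case "$1" in *"FileVault is On"*) return 0 ;; *) return 1 ;; esac; }

# $1: output of `firmwarepasswd -check` (Intel Macs)
fw_password_set() { case "$1" in *"Password Enabled: Yes"*) return 0 ;; *) return 1 ;; esac; }

# Constructed sample of `fdesetup list` output (names and UUIDs are made up).
SAMPLE_LIST='localadmin,11111111-2222-3333-4444-555555555555
teacher1,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'

# Run as root on the Mac. $1: file of expected short names (hypothetical roster).
audit() {
  fv_is_on "$(fdesetup status)" || echo "WARN: FileVault is not on"
  enabled=$(fdesetup list | fv_enabled_users)
  fv_missing_users "$(cat "$1")" "$enabled" | sed 's/^/cannot unlock at boot: /'
  fw_password_set "$(firmwarepasswd -check)" || echo "WARN: no firmware password"
}

if [ "$(uname)" = "Darwin" ] && [ -n "${1:-}" ]; then
  audit "$1"
fi
```

Every name the audit prints is a user who would be stuck at the pre-boot unlock screen until a FileVault-enabled account unlocks the disk first.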