FYI: FileVault 2 Error "FileVault is off"

Cyberghost
New Contributor III

Hi Folks,

I want to share some information with you about an error we got when activating FileVault 2 in our environment.
Basic info:

JSS 8.62
Baseimage 10.8.2 created with instadmg; Default settings + Language DE

Configuration in Casper Imaging:
Baseimage

- After reboot:
  - Packages like Office 2011, Firefox, settings and so on. Nothing very special
  - Customized first-boot script based on the script from Rich Trouton (Thx a lot, great work Rich)
  - Some other, not important scripts like AD binding, flush policy and so on

OK, we have used this config for imaging for 4 months without any problems. 2 months ago we started to look at FileVault 2 with Casper. We created the encryption config and the policy based on the JAMF Software white papers. But instead of encrypting the client we get the error “FileVault is off”. No other information.

After a lot of tests and some mails with JAMF, we found the following solution:

From Rich's first-boot script we take the step to disable login for root (dscl . -create /Users/root UserShell /usr/bin/false) to our script.
After disabling the setting, it’s now possible to activate FileVault with a Casper policy. On old clients which are already in production it’s OK to send dscl . -update /Users/root UserShell /usr/bin/false /bin/bash with Casper Remote.

I hope it helps one or another in their environment.

Sorry for the English, but I’m working on it.

Thorsten

2 REPLIES

jwojda
Valued Contributor II

I think this is what we are running into - but the command you posted didn't seem to work.

Running command dscl . –update /Users/root UserShell /usr/bin/false /bin/bash... Result of command: dscl (v10.8) usage: dscl [options] [ []] datasource: localhost (default) or localonly (activates a DirectoryService daemon process with Local node only - daemon quits after use (requires DS proxy support, >= DS-158) or (Directory Service style node name) or (NetInfo style domain name) options:

jwojda
Valued Contributor II

I think I got the syntax right. I had to use this on 10.8.x:

dscl . -change /Users/root UserShell /usr/bin/false /usr/bin/bash
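
An idempotent form of the fix discussed in this thread, as an added example that is not part of any post: it reads root's UserShell and builds a `dscl -change` call only when the current value is /usr/bin/false. The function names and the `--apply` switch are assumptions of this example; the target shell /bin/bash is the one named in Thorsten's post.

```shell
#!/bin/sh
# Added example: restore root's UserShell only when it is /usr/bin/false.
# TARGET_SHELL follows the first post (/bin/bash); adjust to your baseline.
BLOCKED_SHELL="/usr/bin/false"
TARGET_SHELL="/bin/bash"

# Extract the value from `dscl . -read /Users/root UserShell` output,
# which has the form "UserShell: /path/to/shell".
parse_user_shell() {
    printf '%s\n' "$1" | sed -n 's/^UserShell:[[:space:]]*//p' | head -n 1
}

# Print the dscl arguments needed to fix the record, or nothing when the
# current shell is not the blocked one. -change takes old value, then new.
fix_args() {
    current=$(parse_user_shell "$1")
    if [ "$current" = "$BLOCKED_SHELL" ]; then
        printf '%s\n' ". -change /Users/root UserShell $current $TARGET_SHELL"
    fi
}

# Touch the live directory only when asked to and when dscl is available.
if [ "${1:-}" = "--apply" ] && command -v dscl >/dev/null 2>&1; then
    out=$(dscl . -read /Users/root UserShell)
    args=$(fix_args "$out")
    if [ -n "$args" ]; then
        # Word splitting of $args is intended: these paths contain no spaces.
        dscl $args && echo "root UserShell changed to $TARGET_SHELL"
    else
        echo "root UserShell is $(parse_user_shell "$out"); nothing to do"
    fi
fi
```

Run with `--apply` as root on the client (for example from a policy script); without the switch the script only defines the functions and changes nothing.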