How Do I Invalidate a FileVault Recovery Key

GhostBuster
New Contributor

I would like to test a script to re-issue a FVRK to any enrolled device with an individual recovery key that is not valid. So, on my test machine, how do I invalidate a key that is already valid so I can verify that the script will reissue a valid key? The test machine is on Sierra, 10.12.6, and the server is running v9.96. Thanks.

1 REPLY

rderewianko
Valued Contributor II

What comes to mind is: https://derflounder.wordpress.com/2015/12/20/managing-el-capitans-filevault-2-with-fdesetup/
Here's what I'd do:
Unenroll the machine (or just kill the MDM)
Run the change key for personal command using the command

fdesetup changerecovery -personal

Re-enroll the machine; it would then have an invalid personal key that Jamf doesn't know about.