How to enable existing local account for FileVault 2?

Question

We have 100+ Mac devices on Big Sur in our environment and would like to enable a specific local "IT Admin" account for FV2, so that the account is selectable upon booting the device. I'm aware of creating a new local account via policy and enabling the user throw the radio button, but the message displays "Beginning with macOS 10.13, you cannot use this method to enable a user for FileVault."

Is there another way to go about enabling an account for FV2?

lrabotteau · Answer

Hello @AUng , Have you try to create an user without using JAMF Policy but using Files and Process payload with the CLI to create an user like
sysadminctl .. ?
The create user directly got the SecureToken and can "Enable user for FileVault 2"

I'm using it on PROD and works perfectly

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded