I need to do a JSS search to find out if a computer sent it's FV2 key up properly.

ClassicII
Contributor III

Hey Guys, I am trying to figure out how to do a search to find out if our 10.8 machines have sent up their FV2 key properly to the JSS. We had a few that did not when we first started imaging. The JSS record reports that the machine is 100% encrypted but the key did not make it up for some reason. I want to be able to find the machines now and in the future if it happens and fix them.

Any ideas?

2 REPLIES 2

mm2270
Legendary Contributor III

I don't know for sure if this would work since we don't have a situation like yours to test against, but try using the Storage Information criteria under an Advanced Search:

FileVault 2 Status | Is | All Partitions Encrypted
and
Disk Encryption Configuration | Is | <Your Encryption Config Name>
and
FileVault 2 Recovery Key Type | Is Not | Individual And Institutional
(or whatever type you used in your config)

That may catch those instances for you, but you'll need to play with that. As I said, I have no way to really test that.

ClassicII
Contributor III

Thanks i think that may be as close as we can get. I was messing around with the search yesterday trying to do the same thing but did not try out the "key type"

Using that though does show all the machines with the key which is good! Then all i would have to do is put that list against all the 10.8 machines and whats left is the machines that do not have the key in the record.