Is require user to unlock filevault after hibernation needed if you set it to disable?

efitting
New Contributor

I am experiencing an issue where users are able to disable filevault even though the "User Adjustment of FileVault options" is set to "Prevent FileVault from being disabled".  But at times users are then given the ability to disable filevault randomly until I distribute the profile again. I also have the setting "Require user to unlock FileVault After hibernation" set to disable in this profile. Could that setting be causing this issue? 

2 REPLIES 2

AJPinto
Honored Contributor II

I would confirm the profile is actually on the devices in question. If redistributing is the fix for one off cases, you may just want to redistribute to the entire environment. Apple has changed a lot with FileVault enablement over the past 2 years, older devices may need a little grease on the wheels. 

 

If you wanted to spot check, you can sudo fdesetup disable. If FV is enabled with a configuration profile this command will give an error.

efitting
New Contributor

Thank @AJPinto I was able to confirm that the profile was present on the machine but i was still able to disable the firewall with the terminal command "sudo fdesetup disable" it was odd since the button was disabled and greyed out for me but through terminal i was able to by pass that.