Issue on Initial Enablement of FileVault and Authenticated Reboot.

HNTIT
Contributor II

I have a Policy that Enabled FileVault.

The Issue is that, contrary to Apple Documentation, on El Capitan it sits in Limbo until the next reboot!! This is the message we get.

Recovery key = '(...)'
FileVault is Off, but will be enabled after the next restart.

FileVault reports in JAMF as Enabled and the Recovery Key is Stored, but the Mac itself won't do anything FileVault related, which very annoyingly includes doing an Authenticated Reboot. So when I am encrypting a Mac in another country, I have to ensure there is someone in front of the Machine that I can furnish with the Recovery Key or a password so on the first reboot they can unlock it. After that I can do authenticated reboots as often as I like.

This majorly sucks. I am assuming there is something peculiar about how JAMF manages the initial Enablement of FileVault.

Anyone have any ideas on how to work around this?

Or why this is different?

1 ACCEPTED SOLUTION

HNTIT
Contributor II

Found the Issue.

Apple Lied. Anything Pre 10.12, we have found, requires a reboot to start the FileVault Encryption, and until then you cannot add extra users.

As FileVault is not actually enabled until next boot, the reboot script won't work, so you need to authenticate on the first reboot. Rubbish and totally contrary to the Apple documentation, but that's what we have found across our estate.

Machines that can't take 10.12 are being done very carefully; those that can are being upgraded to Sierra before FV2 is enabled.
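
The pending state described in this thread can be detected before a remote reboot is scheduled. The following is an added example, not code from the original posts or from Jamf: a guard that classifies `fdesetup status` text so a reboot policy does not attempt an authenticated restart while enablement is still deferred. The function names `fv_state` and `reboot_plan` are hypothetical, and the "On" and plain "Off" status strings are assumed forms of the output; only the pending message is quoted from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Classify `fdesetup status` text. Prints: pending | on | off | unknown
fv_state() {
    case "$1" in
        # Must be matched first: the pending message quoted in the thread
        # also contains "FileVault is Off".
        *"will be enabled after the next restart"*) echo pending ;;
        # Assumed wording for the remaining states.
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Map the state to what the reboot policy should do.
reboot_plan() {
    case "$(fv_state "$1")" in
        # FileVault is active, so an authenticated restart can be attempted.
        on)      echo "authrestart" ;;
        # Enablement is deferred: the first reboot needs a person at the
        # machine with a password or the recovery key.
        pending) echo "attended-reboot-required" ;;
        # No encryption and none queued: nothing to unlock at boot.
        off)     echo "plain-reboot" ;;
        # Unrecognised output: do not reboot a remote machine blindly.
        *)       echo "investigate" ;;
    esac
}

# On a Mac, evaluate the live status; elsewhere this section is skipped.
if command -v fdesetup >/dev/null 2>&1; then
    echo "reboot plan: $(reboot_plan "$(fdesetup status 2>&1)")"
fi
```

A policy script can branch on the printed plan and hold back the remote reboot whenever it is `attended-reboot-required` or `investigate`.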
