#JNUC : Managing FileVault 2 on OS X Mountain Lion with the Casper Suite

Tad
New Contributor III

Rich Trouton will be presenting this session on Tuesday, Oct 23 at 10:45am. Wurtle Thrust Stage (level 4)

For everyone who will be in the audience (and everyone who would like to but can't make it), let's use this thread to collect thoughts/ideas/links/questions. Rich will also be hosting an overtime session later that afternoon to answer questions that he couldn't get to in the main session. (Nelson Classroom, level 8, 3:30 - 4:30pm)

I'll kick it off with some helpful links (lifted shamelessly from Rich's presentation):


clifhirtle
Contributor II

Appreciate the repostable screen flows here Rich.

Curious on common scripts or remote commands you've found needed after setting up FV2 on your machines. Are there specific gotchas you've found or things to look out for? Overview of leveraging self service a great start.

Looking at options between FV2 through Casper vs Credent, which we understand may be able to manage FV2 itself as well.

rtrouton
Release Candidate Programs Tester

Cliff,

The most common gotchas I've run into are the following:

  1. FileVault 2 won't enable - Usually this means that the Recovery HD partition isn't there, though there may be other OS or CoreStorage-related problems that are preventing FV 2 from turning on. In general, if FV 2 doesn't turn on, check for the following:

A. Is the Recovery HD partition present?
B. Is the boot drive part of a software RAID? (FV 2 won't enable on a RAID if it can detect it.)
C. Are there other OS problems (freezing, kernel panics, etc.) happening on this Mac?

  2. Incorrect understanding of how fdesetup's options work - I tried to call out the most common misunderstandings during my talk, but here are the ones I've encountered most often:

A. Can you use fdesetup's defer option to add multiple accounts, or add accounts following encryption?

The defer option enables one single user account at the time of turning on FileVault 2 encryption. The defer option does not enable multiple user accounts and cannot be used to enable accounts once FileVault 2 encryption has been turned on.

B. Can I use fdesetup sync to add accounts?

No, the sync command does not allow accounts to be added from a directory service.

fdesetup sync's main use currently is to automate the disabling of FileVault 2-enabled accounts by checking the directory service to see which accounts have been removed.
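
Checks A and B from the first gotcha above (Recovery HD present, software RAID in use) can be scripted as a pre-flight before trying to enable FileVault 2. This is an added example, not part of the post or the presentation; the function names and the sample `diskutil list` listings are constructed for illustration, and the RAID check is coarse because it flags any AppleRAID member on the Mac rather than only the boot drive.

```shell
#!/bin/sh
# Added example: pre-flight for checks A and B before enabling FileVault 2.
# The parsers take `diskutil list` output as text so they can run without a Mac.

# Check A: the Recovery HD partition is listed as type Apple_Boot, name "Recovery HD".
has_recovery_hd() {
    printf '%s\n' "$1" | grep -Eq 'Apple_Boot[[:space:]]+Recovery HD'
}

# Check B: AppleRAID member partitions are listed as type Apple_RAID.
# Coarse: flags any RAID member on the Mac, not only the boot drive.
has_software_raid() {
    printf '%s\n' "$1" | grep -Eq '[[:space:]]Apple_RAID[[:space:]]'
}

# Prints one verdict per problem found, or READY when neither check fails.
fv2_preflight() {
    verdict=""
    has_recovery_hd "$1"   || verdict="NO_RECOVERY_HD"
    has_software_raid "$1" && verdict="${verdict:+$verdict }SOFTWARE_RAID"
    echo "${verdict:-READY}"
}

# Constructed sample listings (not captured from a real machine).
SAMPLE_OK='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3'
SAMPLE_NO_RECOVERY='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.9 GB   disk0s2'
SAMPLE_RAID='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                 Apple_RAID                         499.8 GB   disk0s2
   3:                 Apple_Boot Boot OS X               134.2 MB   disk0s3'

# On a Mac, check the live disk layout; elsewhere, fall back to a sample.
if command -v diskutil >/dev/null 2>&1; then
    fv2_preflight "$(diskutil list)"
else
    fv2_preflight "$SAMPLE_RAID"
fi
```

A `SOFTWARE_RAID` verdict still needs a manual look to confirm the RAID set is the boot volume, and a `READY` verdict does not rule out the other OS problems listed under check C.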

rtrouton
Release Candidate Programs Tester

For those who wanted a copy of my FileVault 2 slides, here are links to the slides in PDF and Keynote format.

PDF: http://tinyurl.com/jnuc2012fv2PDF

Keynote slides: http://tinyurl.com/jnuc2012fv2keynote

vwebb
New Contributor

Is there any way to see video of the demo pieces of this session?! I find myself desperately wishing I was there to see some of the 'actuals'. Thanks for taking time to work all this up!

rtrouton
Release Candidate Programs Tester

vwebb,

The Keynote slides include the demos as embedded movie files, so you can download the slides and watch them.

vwebb
New Contributor

Thanks Rich! I was looking via Preview, not Keynote. After using Keynote to open I'm able to see the videos with no problem, but there is no audio during them for me. Am I doing something else wrong? :)

rtrouton
Release Candidate Programs Tester

vwebb,

You're doing it right. The demo movies themselves don't have a soundtrack. If you want what I'm saying during the demos, that will need to wait until JAMF posts the session video.

Tad
New Contributor III