In place now, thanks to all
Below is the script I use; thanks to everyone whose work I modified to get this working.
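#!/bin/bash
########################################################################################
# Description
#
# Enable the currently logged-in user to unlock a drive that was originally
# encrypted with the management account using a policy from the JSS. The script
# prompts the user for their login password, then hands both credential sets to
# `fdesetup add -inputplist` over stdin.
#
# Designed to be run (as root) via policy at login or via Self Service. The
# encryption process must be fully completed before this script can succeed.
#
# Parameters (JSS policy parameters):
#   $3  username of the logged-in user (supplied by the JSS)
#   $4  management account name (an admin already authorized with FileVault 2)
#   $5  management account password
#
# Exit codes:
#   0  user already enabled, or successfully enabled
#   1  parameter 4 (management username) not supplied
#   2  parameter 5 (management password) not supplied
#   3  parameter 3 (logged-in username) not supplied
#   4  fdesetup does not report "FileVault is On."
#   5  the user entered an empty password at the prompt
#   6  fdesetup add ran but the user is still not in the FileVault 2 list
#
# SECURITY NOTES
#   - The management password arrives as a script argument ($5). Anything that
#     can read this process's argv (e.g. `ps`) or the JSS policy configuration
#     can see it, so scope that account to the minimum privileges it needs.
#   - Neither password is written to the policy log, and both are delivered to
#     fdesetup via stdin (the input plist), never on a command line.
#   - Every value is XML-escaped before it is placed in the plist, so a password
#     containing &, <, >, " or ' cannot break or alter the plist structure.
#   - (An earlier revision also captured the OS minor version via sw_vers but
#     never used it; no OS-version gating is performed here.)
########################################################################################

set -u -o pipefail

# Pass the credentials for an admin account that is authorized with FileVault 2
adminName="${4:-}"
adminPass="${5:-}"

# Get the logged in user's name
userName="${3:-}"

# Escape the XML special characters so a value can be embedded verbatim inside a
# plist <string> element. Uses only shell builtins so the value never appears in
# another process's argv. Reads $1, prints the escaped value (no trailing newline).
xml_escape() {
  local s="$1"
  s="${s//&/&amp;}"   # must run first so the entities below are not re-escaped
  s="${s//</&lt;}"
  s="${s//>/&gt;}"
  s="${s//\"/&quot;}"
  s="${s//\'/&apos;}"
  printf '%s' "$s"
}

# Print the FileVault-enabled usernames, one per line.
# `fdesetup list` prints one "username,UUID" line per enabled user.
fv_users() {
  fdesetup list | awk -F, '{ print $1 }'
}

# Return 0 if $1 exactly matches one of the FileVault-enabled usernames, else 1.
# An exact comparison is used (not a substring match) so "bob" does not match "bobby".
fv_user_enabled() {
  local want="$1" u
  while IFS= read -r u; do
    if [[ "$u" == "$want" ]]; then
      return 0
    fi
  done < <(fv_users)
  return 1
}

# Build the fdesetup input plist on stdout. All four values are XML-escaped.
build_input_plist() {
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Username</key>
  <string>$(xml_escape "$adminName")</string>
  <key>Password</key>
  <string>$(xml_escape "$adminPass")</string>
  <key>AdditionalUsers</key>
  <array>
    <dict>
      <key>Username</key>
      <string>$(xml_escape "$userName")</string>
      <key>Password</key>
      <string>$(xml_escape "$userPass")</string>
    </dict>
  </array>
</dict>
</plist>
EOF
}

# Outputs a Blank Line For Reporting Purposes
echo

if [[ -z "$adminName" ]]; then
  echo "Username undefined. Please pass the management account username in parameter 4"
  exit 1
fi

if [[ -z "$adminPass" ]]; then
  echo "Password undefined. Please pass the management account password in parameter 5"
  exit 2
fi

if [[ -z "$userName" ]]; then
  echo "Logged-in username undefined. Expected it in parameter 3"
  exit 3
fi

echo "User Logging In = ${userName}"
echo "Current FileVault User List:"
fv_users

# Outputs a Blank Line For Reporting Purposes
echo

# This first user check sees if the logged in account is already authorized with FileVault 2
echo "First Check Start"
if fv_user_enabled "$userName"; then
  echo "User ${userName} is already added to the FileVault 2 list."
  exit 0
fi
echo "First Check End"

# Outputs a Blank Line For Reporting Purposes
echo

# Check to see if the encryption process is complete. The whole-line match keeps
# the original semantics: a line reading exactly "FileVault is On." is required.
encryptCheck="$(fdesetup status)"
if ! grep -qxF "FileVault is On." <<<"$encryptCheck"; then
  echo "The encryption process has not completed, unable to add user at this time."
  echo "${encryptCheck}"
  exit 4
fi

# Get the logged in user's password via a prompt (hidden answer; only an Ok button).
echo "Prompting ${userName} for their login password."
userPass="$(osascript -e 'Tell application "System Events" to display dialog "Your account cannot unlock this Computer after a reboot.
Please enter your login password to enable this." default answer "" with title "Startup Password" with text buttons {"Ok"} default button 1 with hidden answer' -e 'text returned of result')"

# Do not hand fdesetup an empty credential; fail clearly instead.
if [[ -z "$userPass" ]]; then
  echo "No password was entered at the prompt; unable to add user."
  exit 5
fi

# Outputs a Blank Line For Reporting Purposes
echo

echo "Adding User ${userName} to FileVault 2 list."
# Credentials travel over the pipe, not argv; fdesetup reads the plist from stdin.
build_input_plist | fdesetup add -inputplist

# Outputs a Blank Line For Reporting Purposes
echo

# This second user check sees if the logged in account was successfully added to the FileVault 2 list
echo "Second Check Start"
if fv_user_enabled "$userName"; then
  echo "${userName} is on the FileVault 2 list."
  exit 0
fi
echo "Second Check End"

# Outputs a Blank Line For Reporting Purposes
echo

echo "Failed to add user to FileVault 2 list."
echo "Currently enabled users:"
fv_users
exit 6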