Posted on 04-07-2016 04:02 PM
We're using a Configuration Profile to enable FV2.
The problem is, during the first boot wizard sometimes the _mbsetupuser is the user it chooses for deferred encryption. If we go through the setup wizard and login fast enough (before the profiles are pushed down) then it seems to use the proper created user.
Have any of you encountered this issue or know a decent workaround?
Posted on 04-07-2016 06:27 PM
might be worth reading:
http://www.johnkitzmiller.com/blog/how-i-deploy-filevault-2/
Posted on 04-25-2016 05:59 PM
I opened a support ticket with Apple and they have confirmed and replicated the issue.
Hopefully this means they will fix it soonish.
Posted on 04-25-2016 07:10 PM
Just to play devil's advocate is there as reason you're doing it via Config Profile? You could easily take care of this via Policy. I'm not sure if the _mbsetupuser problem would appear or not, but the testing I've done doesn't seem to run into this issue. You'd also be able to set up a policy to run after that, as well, that would enable the Management Account for FV2.
Just a thought and my two cents :)
Good luck!
Chris