Policy enabling File Vault 2

Contributor III

Just testing policy to enable File Vault 2 on OS X 10.10.1 computers to comply with a security audit and found some strange behaviour. The policy runs with an institutional recovery key and via the management account but with errors even though the policy executes and the disk proceeds to encrypt.

Log output from the policy below:
Executing Policy File Vault 2 disk encryption...
Adding user *** to filevault
Error adding user to FileVault: FileVault is Off.
Error encrypting disk: Already enabled error.
Blessing i386 OS X System on /...
Creating Reboot Script...

Is this just a case of how OS X 10.10.1 and JSS 9.61 interacts or are we missing something?


Valued Contributor

We're running 10.10.1 with dual key encryption, and it is working for us. Can you enable it manually with fdesetup?

Weird possible solution: when you image the machines with 10.10.x, are you converting to Core Storage at that time?