Prompting to enable FileVault

jauggie
New Contributor

Still getting the prompt to enable FileVault encryption on a MacBook Pro running Yosemite
after removal of "jamf". Would anyone know what the cause is and how to remove it?

11 REPLIES

JustDeWon
Contributor III

How did you "remove jamf" from the machine? Did you remove the framework from the terminal, and also remove it from the JSS?

gskibum
Contributor III

I had the same issue for several months, both with Yosemite and El Capitan.

The 10.11.4 update solved it for me.

gachowski
Valued Contributor II

Yep there is a thread about this floating around or in a thread about FV... it was sort of left as an Apple issue..

C

thoule
Valued Contributor II

That's because the Mac is set to enable FileVault. Removing JAMF doesn't remove that command. I believe 'fdesetup disable' will cancel it though.

gskibum
Contributor III

fdesetup -disable would only work short term for me. The only permanent solution I have found is 10.11.4.

JustDeWon
Contributor III

I have yet to experience that issue... Normally if I unenroll a machine and remove it from the JSS, they wouldn't get the policies for FileVault2.

gskibum
Contributor III

@JustDeWon

Yeah at first I also thought it was a Casper thing. But I would remove the JAMF framework and also remove the devices from the JSS, and would still get the prompt.

I have a test box with a small SSD (i.e. fast encryption) I can test this with. I've been meaning to confirm my findings anyway. This drove me nuts for quite some time.

themonger13
New Contributor II

Try hosing the /Library/Preferences/com.apple.fdesetup.plist (if there is one). I think @thoule & I figured out at some point it was being a PITA.

gskibum
Contributor III

OK so I did my little test and threw in @themonger13's suggestion into the mix.

  1. Lay down 10.10.5 Yosemite & create local admin account.
  2. Enroll in JSS. A hidden management account is created on enrollment.
  3. Scope FileVault2 via policy in Self Service to this box.
  4. Recon (for no good reason).
  5. Remove Mac from JSS.
  6. Remove framework.
  7. Disable FileVault2 and let decryption process complete.
  8. Reboot and log in to local admin account - and get prompted to reenable FileVault2 (without a second account to log in to it would be necessary to reenable FileVault2).
  9. Cancel and return to login screen.
  10. Log in to invisible management account. No prompt.
  11. Delete /Library/Preferences/com.apple.fdesetup.plist.
  12. Reboot and log in to local admin account - no prompt for FileVault.

It seems @themonger13's suggestion works.

Press on to confirm whether or not El Capitan 10.11.4 corrects the problem:

  1. From the original local admin account reenable FV2 via Self Service.
  2. Let encryption complete.
  3. Disable FV2 and let decryption complete.
  4. Reboot.
  5. Log in to original local admin account and again get prompted to reenable FV2.
  6. Deny and log in to second local admin account.
  7. Confirm /Library/Preferences/com.apple.fdesetup.plist is present.
  8. Upgrade to El Capitan 10.11.4 through Self Service.
  9. Attempt to log in to first local admin account - get the steenking prompt. So much for the 10.11.4 solution.
  10. Log in to second local admin account and delete /Library/Preferences/com.apple.fdesetup.plist.
  11. Problem gone.

@themonger13 wins the beers.

mscottblake
Valued Contributor

The underlying reason is that Casper just initiates the change. Once it's set to enable, the rest is internal to the OS. You have to remove the plist to tell the OS to no longer enable.
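
The plist removal discussed in this thread, as an added shell example that is not part of the original posts: it moves /Library/Preferences/com.apple.fdesetup.plist aside instead of deleting it, so the pending setting can be inspected or restored, and reports the current FileVault state. The function names, the root and backup-directory arguments, the /var/root default and the `--apply` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Run as root on the affected Mac.

# Path named in the thread, relative to the volume root.
PLIST_REL="Library/Preferences/com.apple.fdesetup.plist"

# clear_fv_prompt [ROOT] [BACKUP_DIR]
# ROOT and BACKUP_DIR are assumptions of this example so the function can
# be pointed at a mounted volume or a scratch directory.
# Returns 0 if the plist was moved aside, 1 if there was none, 2 on error.
clear_fv_prompt() {
    root="${1:-/}"
    backup_dir="${2:-/var/root}"
    plist="${root%/}/$PLIST_REL"

    if [ ! -e "$plist" ]; then
        echo "no plist at $plist, nothing to do"
        return 1
    fi

    stamp=$(date +%Y%m%d%H%M%S)
    dest="${backup_dir%/}/com.apple.fdesetup.plist.$stamp.bak"

    # Move rather than delete: the file stays available for review.
    if mv "$plist" "$dest" 2>/dev/null; then
        echo "moved $plist to $dest"
        return 0
    fi
    echo "could not move $plist (not root, or backup dir missing?)" >&2
    return 2
}

# Print the current encryption state where fdesetup exists (macOS only).
fv_status() {
    if command -v fdesetup >/dev/null 2>&1; then
        fdesetup status
    else
        echo "fdesetup not available on this system"
    fi
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    fv_status
    clear_fv_prompt / /var/root
fi
```

Per the test sequence earlier in the thread, the prompt stops at the next reboot and login once the file is gone.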

mml7
New Contributor II

If you're buyin' @themonger13 likes this